View Full Version : Reminder: Remove the 'install' folder

04-14-2011, 10:27 PM
It's really important that you remove the install folder after installing or updating. Today people have been noticing their sites compromised due to leaving the install folder on their site.

If your site has been 'hacked' please download this file:


Place in your main directory and run.

This will reset all your AV Arcade settings and make only the original admin user an admin as a precaution. You will need to login via the admin panel as the site URL will not be correct.

I will be securing the install folder in the next release so even when people forget, the installer wont run if the site has already been installed.


04-14-2011, 10:30 PM
THat will be a nice addition to those that fail to read the announcment upon install to remove the install folder lol... great support as always man

04-14-2011, 10:34 PM
I am going to hold my hands up and say that I left it on demo.avarcadepro.com myself. It wont be hard to add a simple check, I already have it so that the next version should be able to detect the current version and automatically run the required update.

04-15-2011, 06:21 PM
Shame on me! I forgot it on 2 of my websites :)

Guido B
04-15-2011, 06:40 PM
It is indeed important to delete it :)
Nice mod for when you have forgotten it, and things went wrong!

Bad Wolf
04-15-2011, 07:02 PM
Yep I got nailed just today with the Rick Rolling prank on my Girlz Gamez site. Man I thought I had that damned file deleted. Guess I forgot last update. My host is looking for the path of the hack then if I have to Ill reset the site. Does this fix erase everything to a fresh install?

04-15-2011, 10:29 PM
Thanks for the heads up. My Pro sites were all safe but I found one of my V4 sites still had the install folder.

04-16-2011, 12:21 AM
My issue of me getting hacked thru the install folder was t hat a user managed to create a new ava_settings. the fix included, i would assume fix my issue.

04-18-2011, 08:26 PM

i suggest to not upload the dirs (install offline and upload the installed version), or if this does not work for you, rename the dir to something less obvious and access the install-routine therein.

but you can easily patch av to check this after upload.

open /index.php
at the very top add:

if (file_exists(dirname(__FILE__).'/install')) {
die ('remove install dir!');



10-20-2011, 04:31 AM
Any idea how one could edit your .htaccess to redirect serp results to their crap?