Fantastico De Luxe by Netenberg is an add-on for the popular cPanel web management software, available on many web hosting providers. It promises an easy, turn-key installation of dozens of web applications, including the Drupal CMS.

Unfortunately, while it may appear to fulfill those promises, the only thing Fantastico really gives you is a broken, insecure install that is hard to update. That's why we strongly advise the Drupal community not to use Fantastico to install and run a production Drupal site.

Don't just take our word for it however: take a look at the many support threads in our forums discussing problems with Fantastico. Its users have consistent problems with the installation and upgrading of even a simple Drupal site, let alone one which uses one of the many contributed modules available on our site. There are multiple reports of corrupted databases, lost files and broken installations.

You can also forget about security and stability with Fantastico: Drupal's latest release is 4.7.2, but Fantastico still offers version 4.7.0, with known security issues and various other bugs. It gets worse: whenever a new Drupal version is released, you must not just wait for Fantastico itself to be updated, but for this new version to be installed by your provider as well. A quick random sampling on Google shows that many web hosts themselves run old versions of Fantastico, offering versions of Drupal that are up to 2 years out of date.

There are two important consequences.

  1. Fantastico places an unfair burden on the volunteers who help out in the Drupal support forums. Netenberg makes money selling its broken product to various web hosts, but washes its hands in innocence while we are expected to provide support for their users.
  2. Fantastico makes Drupal look buggy and broken, which reflects poorly on the many contributors who have worked hard to make Drupal what it is today.

In our eyes, Fantastico hurts Drupal and its users more than it does good. However, Drupal remains open-source and GPL-licensed, so we cannot prevent anyone from making their own derivative installers. We can only warn you about what you could be getting into. Fantastico makes it harder, not easier, to run a secure and up-to-date Drupal site.


Steven’s picture

Digg this article to spread awareness:

kbahey’s picture

The concept of easy installation of popular applications is a good one for sure. The problem is that upgrades are not as easy nor seamless.

I also recall that one of their settings was for the update.php NOT to do authentication checking, meaning anyone can run the update.php script. Not pretty.

This was raised in the security mailing list, and I contacted Netenberg who said they are going to forward that to the developer. No update since then.
Drupal development and customization:

Drupal performance tuning and optimization, hosting, development, and consulting:, Inc. and Twitter at: @2bits
Personal blog: Ba

meba’s picture

Virtualmin offers Drupal 4.7.0 too...

Dries’s picture

Did you check with Netenberg or research the problem? Maybe they patch their Drupal versions ... After all, a patched Drupal 4.7.0 is as secure as Drupal 4.7.3.

There a 30 pages with search results on Fantastico, but there are 42 pages with search results on Debian which also ships an insecure Drupal version. Why are you targetting Fantastico in specific? How about Debian? Or Gentoo?

Quick thought: 30 pages with search results * 10 search results per page = 300 posts about Fantastico. 300 posts out of 76500 posts is 0.4% of all content ... is that the unfair burden?

Muslim guy’s picture

Fantastico is the most common auto installer for many website owners who are either new to CMS, or are instructed by somebody else to install something.

Most web domains have Fantastico.

What happened was - the Drupal 4.7.0 ***crashes completely**, either after several hours of installation (the owner is still getting to learn the ropes), or after a couple of days (when articles have been posted and already a few users).

That leaves a bad taste for users, and bad name for Drupal.

**The error message is very strange and fill the entire web browser

inforeto’s picture

This thread applies to cpanel users, who must be given references as much as with any other setup.
The bad recommendations i have seen came from a past history of upgrading through that tool.
I have to say that it must not be the focus of the reviews or help articles, but rather the pros and cons of the distribution.

Since fantastico is often offered with cpanel accounts, it is easy for an user to pick drupal from the cms lists for evaluation.
It is only responsible to give a warning to those who follow the link in fantastico in search of support and help files.

Perhaps with enough showlight someone would find what settings to modify to have a good workaround.
In my case i found that i had to upload update.php manually because some client asked for it and it wasn't there.
In the end i removed about 9 sites using it in favor of a manual install of the latest versions.
I had hoped i could use the ability to install and uninstall with a few clicks.
Looking forward at the drupal native installer now.

On the other side of things, perhaps this new drupal installer could bring easier methods for everyone to package their setups.
I think the deal with fantastico installer is that it keeps track of the installed files for later update or removal.
This is of course the job of the packager but the way of tracking manually added files could be on the system side.

I still can't see what's the damage on adding modules to the core, but it appears to be related to upgrading.
After all, when removing you only need to delete the right files and folders.
Would be great if you could download the newest zipped files straight from an automatic uploader.
That is, without manual ssh, wget, ftp or cpanel file manager.

Just a look on this issue.

Gunnar Langemark’s picture

I believe that Debian users will probably be tech-savvy and able to make the right decisions.
I also believe that with a shared host which offers c-panel with fantastico, you attract a whole different "species" - namely those business people who always say "how complicated can it be?" - and then just push the "install" button and expect everything to be A OK.
Which is not the case.
In which case the bastards will haunt down the entire Drupal community - and especially go after YOU Dries !!!

So there's a difference between shipping an old version with Debian and with Fantastico - because they have different audiences.


Gunnar Langemark’s picture

The Debian version is actually secure if you keep your software updated. Or at least as secure as you can make Drupal 4.5...
Drupal services
My Drupal services

Gunnar Langemark’s picture

So what you say supports my position really. If you have and maintain a Debian server, you can keep your 4.5 Drupal up and running - and as secure as that version is at any time.
You can also keep your Fantastico installation up to date - but you will ruin the Fantastico part of it as soon as you fiddle with it - and update it.
And most Fantastico users would not know that you could, would not know how to, let alone bother - to do so.

Not really the fault of Fantastico as such, but rather a flaw in the very idea that you let a script like that take care of the install. Not that it is always bad. It is just the way it is - when you want it THAT easy.

So what to do?
Best solution is actually coming up. The installer. Once it is possible to run the installer - and even once (if ever) it is possible to keep the installation updated via the web - you'll have the best of both worlds.



Gunnar Langemark

Steven’s picture

Counting search results is a bit silly if you don't take their content into account. The Fantastico threads discuss serious problems. Debian on the other hand is a common keyword when people describe their environment.

The fact is, Fantastico installs broken Drupal sites and is being used by many people to get an impression of how Drupal works.

As far as the unfair burden goes: that is in the eye of the beholder. Your count does not include those people who don't say they used Fantastico or those who simply gave up after thinking Drupal was of low quality. But there was a recent stir up on the forums about a Fantastico user which took a lot of people's energy as they had to correct bad information and set the record straight.

dude777’s picture

First lets ask the question why do people use Fantastico to install drupal. Because it easy click and go.

Considering that drupal is such a mature project I keep wondering why it has such a crappy Admin interface and installation sequence. You people need to get some Web designer/Javascript/Usability experts into the core team. In my opinion drupal consists of mostly hardcore Geeks who lack asthetic sense. I find it funny when posts like this make it to the front page of drupal.

With words like

" Drupal *can* be used to make beautiful sites. "

and people point out good looking websites made in drupal to convince others that you can develop good looking websites in drupal. Projects like Joomla dont even have to try hard.

Maybe you need to learn from them. By the way this is not a argument about which is a better CMS. And how about making the modules section like what the Joomla guys have done similar to the Firefox extensions website.

rickvug’s picture

While I don't agree with a lot about Joomla I am with you in saying that it looks slicker and is easier at first. However, many of the points that you bring up are already moot with the latest versions of CVS. in particular:

- Drupal now has an easy to use installer. Moreover, it is likely more flexible than any other CMS installation system with the profiles feature. Even now, installation only required editing one or two lines to connect to your database, which isn't that bad.
- The admin interface has been greatly improved in the latest builds with many more patches being worked on as I type.
- The jQuery javascript/AJAX library is being integrated into core already. This should bring many changes.
- There is a move to get a new base theme into the next release, which I think will make a huge difference. The problem right now isn't that Drupal is particularly hard to theme, it's that the project hasn't done much to reach out to designers. Companies such as Lullabot and groups such as this are working to change this perception.
- I agree with you about the extensions page!

In the end, I see that Drupal is definitely heading in the right direction and will continue to grow steadily over the next number of years. Drupal has always been more powerful and better integrated than Joomla. As aesthetic and usability issues are taken care of one by one I think more people will take a second look at the project.

Rick Vugteveen | Image X Media (work) | Blog (personal)

Rick Vugteveen | @rickvug on Twitter

dude777’s picture

Hello there I am not trying to flame or cause any trouble I just trying to bring things into perspective. I have explored the feature sets of both Joomla and Drupal and Drupal shines. Given these facts joomla still remains way more popular than Drupal.

Why ???? I see way more tutorials and HOW:TOs, Videos, Visual Tutorials by community members for Joomla than for Drupal.

Lets face Drupal is more developer focused and should start seriously considering the webdesign/Usability factor. Your talking about features that have not yet been incoporated into drupal and most probably take a long time for getting released.

At the same time I would like to point out that the Joomla developers have totally refactored their base code for the upcoming 1.5 series of joomla.’s picture

Yes, we are more developer focused. I actually consider that a good thing, being a developer myself. When developing Drupal I don't strive for "Drupal for the masses", I happily let the masses use Joomla, wordpress or whatever they fancy for whatever reason.

The reason I develop for Drupal is that it is an excellent toolset to create sites according to my and my clients' specifications.

And if you want videos, tutorials, and so on, feel free to create them. We'll happily host them, if they are good. That takes a lot of time? Sure, that's why I don't make any.

WRT usability: This always has been high on the agenda, but to get to an agreement what makes Drupal better usable is very difficult. Just look at the recent discussions on the developers' mailing list.
Drupal services
My Drupal services

pavlos’s picture

I personally have not used Joomla and neither I am planning to do so, because I have not regretted my choice to revert all my sites to Drupal (a year or so ago), as the help and support on the forums is very good. If there is an issue that has not been re-addressed a gazillion times in the past there is always someone to help.

About guides and how-to's you need to search through the forums more and also check the numerous pages in the handbook with quality tips on what to do with your Drupal installation.

Now, still the drupal site is a bit of a mess and it is not easily clear to the newbies whether something they read applies to 4.6 installation or 4.7. Also from my understanding gained from educating my customers into using Drupal and the benefits in the long run, I can say that those who want everything set for them so that they can simply enter a page and that's it are clearly not interested into putting a small effort into understanding the basics about Drupal.

With that approach, Drupal is not a good solution for them.

But if you check the benefits in the long run and the flexibility available with Drupal, I think very few systems out there offer such architecture. It is just a matter of reading through some handbook pages and those who can't bother simply label Drupal as "not good". Nearly all my customers agree.

I think a better restructuring of and maybe a simple script which autoinstalls the database tables (which does require however that the user creates a database beforehand) would be ideal. Also (and don't laugh) Drupal lacks all the flashing buttons which make some of the other cms I looked at the LinuxWorld in London look kind of superior through the eyes of someone not knowledgeable about such systems. Fair enough, but you don't go after what looks nice... You need to go with the one which is suitable for your specifics.

The interface seems like a mountain of work to learn for some when in fact it is just a matter of going through the config pages over and over till you learn how to configure all the parameters. This does not mean it is difficult... It is just too many things to remember which can only be accomplished only after the user has repeatedly gone through all the admin pages.

Coming to the Fantastico issue, I am using plesk on the servers I am managing and even they have old versions of "auto-install" scripts and although it would be nice to see them support Drupal, I personally much rather install it on my own than have it auto-installed by plesk. You can not expect from a web host to have the last updated version of Drupal in Plesk or Fantastico, given the workload some experience.

In fact to setup 20 drupal installations does not take me over 1 hour, which now that lets say "I know what I want" from Drupal it has become a mechanical movement of the mouse and the keys to install it in no time. And guess what... Updating 20 installations when an update is out, is not so hard after all (for those who manage multiple sites).

It is true that the drupal developers are not that much into deveoping a solution which is good in the eye, but I think that this is the right direction. They focus on the core of the system and not on it's outfit, which at the end of the day it is the designer's job to make a nice template or to know how to write custom css declarations or identify the ones already specified in the default style.css.

loloyd’s picture

I actually tried both Mambo and Joomla first BEFORE settling on Drupal. I also tried bitWeaver, Geeklog, e107 and some others I already forgot about before a friend showed me Drupal. For one thing, my experience tells me that it was *really* easy to install all those other CMS's what with all their auto-installation scripts. However, the minute I tried to establish and manage content, the learning curve immediately shot up to spectacular levels. Also, it was frustrating for me to have to contend with slow responses.

Drupal was a different story altogether. Sure, it was harder to install as it had no automated way of doing it, save for Fantastico and other similar scripts. But once I hurdled that, everything became as smooth as a baby's butt. Even installations for modules were easier because they all pretty much shared the same procedural concept. This actually shot up my *usability* score for Drupal.

My *actual* experience rates Drupal at the top of the performance ladder among those I've tried. Is it because of the lean design - less graphics, more focus on speed and feature functionality than aesthetics? Maybe so.

Bottomline, it was hard at first but it's a whole lot worth it once you get through that first round of virginity.

mcurry’s picture

Hello there I am not trying to flame or cause any trouble

Um... starting off your comment with subject like this:

How about you cry babies make Drupal Installation Easier

is a great way to win over your audience. Whatever valid points you may have made in your post are easily overlooked when you start off a conversation with an insult. Trying or not, that was flame-bait.

Muslim guy’s picture

Enough advertising for Joomla

Even in, there is no advertising, no eyeprodders

One thing Drupal users wont see is `Powered by Drupal, so and so, by you-know-who' unless if specific themes are used like `fancy (by gleez).

No sir, there is no need for Dries and the good fellows to advertise them with eyeprodders (save for the cute Druplicon which is easily removed by a newbie) or put a hidden meta tags

And there is NO HIDDEN META TAGS with irrelevant stuff like when newbies use use Joomla,Xoops,etc

And no custom footer like `Joomla! is Free Software released under the GNU/GPL License."

Drupal users know this - no need to nag them

And those newbie users are wondering `Why dont Google put my site on 1st or at least 2nd page' for my content? It's because you didnt change the META TAGS.....

So back to Drupalism - I am just commending it from my average user point of view, but I am a POwer user, who have real needs and requirements, and Drupal CMS match them perfectly.

And I made the EXTRA EFFORT to learn installing manually Drupal, because I know I am getting the best deal, the best package, the support and motivation from Drupal community

chx’s picture

The cry babies you mention were pouring two and a half years of hard work into the install system which is already in the developer version of Drupal.

Problem is, this has been reported here which, at the time of writing this comment is the first article on the second page of front page...

I consider you cry baby -- where you were when we working on the patch? If you were not testing it, which requires no programmer knowledge. then you do not even have the right to whine.
The news is Now Public | Drupal development: making the world better, one patch at a time.

Drupal development: making the world better, one patch at a time. | A bedroom without a teddy is like a face without a smile.

Muslim guy’s picture

Dude.....why suddenly about are obviously trying to inject something in the middle

And you are RUDE in calling people names like `cry babies'

And yeah, Joomla users complaint about it being rigid, inflexible, and does not do kindly as to the way Drupal is flexible and extensible. And complaint `where is user profile like I saw in, or why my username must be less 10 characters, unlike Drupal usernames; etc etc incessant complaints

Many other CMS only shine because of the easy installation....but only Drupal worth learning and effort

Drupal is a fine piece of software...I installed Drupal for many organizations (the stable versions) and there is no complaint. Like I once told of my experience - somebody can at least make a living :) installing and building a very powerful and flexible CMS with Drupal. The installation is difficult for someone with no basis whatsoever.

But dont let users LOSE SIGHT of the power and capabilites of Drupal, they dont need to learn PHP or how to install manually, you do for them, get past the initial hurdle, and once installed and running, people take to Drupal like fish to water.

danroth’s picture

I had problems with a site after trying to use Fantastico to upgrade my Drupal installation.
I eventually ended up doing it the old-fashioned way.
Thankfully, things then ended up just fine.

bertboerland’s picture

but i dont think that drupal installation / upgrading as it is now should not be referred to as "the old way". just as the fantastico way isnt "the new way".

fantastico is okay for fast deployment of a non production site (test, develop, maybe even accept environment). i think that is the point of this thread. know what you are doing. and if you dont know what you are doing, you know at least where you are; in trouble. holds true for most things in ICT


bert boerland

Samat Jain’s picture

Is this Drupal's official stance?
Personal home page | Rhombic Networks: Drupal-friendly web hosting

eaton’s picture

That Drupal can't really have an 'official' stance as it's just a group of volunteers. ;-) But Fantastico alters the Drupal package with its custom installation scripts, and those changes have been shown to cause many problems when it comes time to upgrade to a newer version of Drupal or integrate with some third party modules.

Of course, folks can try to help in the forums and so on regardless of ow you installed your copy of Drupal. But keeping up with the changes Fantastico makes isn't something the Drupal community really has the resources for at this point. The makers of Fantastico are selling a product based in part on an altered version of Drupal, and I think it's reasonable to say that the responsibility for supporting those alterations is theirs.

We can support Drupal as best as we can, but when the problems stem from a borked up Fantastico install or upgrade, many times the best we can offer is, "Drupal should really be installed using the instructions in the README." In the next version (4.8/5.0) the built-in install system should make that a bit easier for new folks.

Eaton's blog | VotingAPI discussion

sepeck’s picture

It's known that a lot of people use Fantastico installers. Many forum issue's are because of this. Many are not directly caused by Fantastico but are caused by site admins that do not bother to actually research and understand the technology they are using.

They never read the install instructions. They never see the best practices. They never subscribe to the security list. That is the bulk of where I suspect the issue's occur. Of course, I have never used the Fantastico installer so do not have direct personal experience.

-Steven Peck
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain

-Steven Peck
Test site, always start with a test site.
Drupal Best Practices Guide

eaton’s picture

One of the tricky bits is that Fantastico keeps track of the files it installs, the tables it creates, etc., and complains if they change behind its back. If you install third party modules or tweak your drupal installation at all, the Fantastico built-in upgrader tool can easliy choke, and results in broken drupal sites. However, if you manually update your drupal site with the files from, Fantastico still thinks you're using the old version, and... well. You get the idea. This is compounded by the fact that Fantastico is often months behind Drupal's release schedule on minor patches and security fixes. As the google search above demonstrated, there are quite a few ISPs out there with Fantastico installs that still use Drupal *4.5*.

If you have a site installed with Fantastico, it's often easiest to back it up, tell Fantastico to delete it entirely, and install the newest version of Drupal manually. Then import the backed up DB and do things yourself. It's just a LOT safer.

Eaton's blog | VotingAPI discussion

sepeck’s picture

I never disputed that going to the source of all CMS goodness was not the 'right thing'(tm) to do. :D

-Steven Peck
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain

-Steven Peck
Test site, always start with a test site.
Drupal Best Practices Guide

gtoddv’s picture

I have used Fantastico to install Drupal in both production and non-production sites. I have upgraded all of them through Fantastico and never had a problem. I typically use quite a number of modules too. Fantastico is a great tool and works well with most of the software it supports. Perhaps it is the hosting providers I use that make a difference. It is up to the hosting provider to upgrade and patch Fantastico. I am sure there are some that still provide Drupal 4.5.

The only time I have had trouble with an upgrade is when using Drupal's update.php (on a NON-Fantastico install). I haven't had an issue since update.php started detecting the installed version.

I am not sure what is meant by "...You can also forget about security and stability with Fantastico...". I am sure there are many sites that are still using 4.7 and earlier that weren't installed using Fantastico. It's all relative. Should we have never installed 4.7 or 4.6.2 or....? Yea, in a perfect world you would always upgrade to the latest version, but quite often that isn't realistic. Drupal (or any software for that matter) is only as secure and stable as it's latest mature version. Dogging netenberg for not immediately providing a 4.7.2 upgrade is not entirely fair. They generally do a very good job keeping up with all the software they support. They probably wouldn't have a viable business if they responded to every point version of all their support software.

I am sure that Fantastico has been responsible for a significant number of Drupal users. Its unfortunate that some have had trouble related to the use of Fantastico. I'll bet there have been a significantly higher percentage of Drupal users that have had trouble using Drupal's own install and updating systems (which are wonderful and perfect and please don't flame me, I love Drupal and everything about it and I know I have no right to criticize it in any way, I apologize if any of the developers take that last bit the wrong way, please don't flame me, I mean you no harm, I will burn a candle at church tonight for my indiscretions, sorry).

kbahey’s picture

I would like to point out that the next release of Drupal will have an installer.

It is no longer necessary to create the database tables manually.

Here is a preview of the Drupal installer.
Drupal development and customization:

Drupal performance tuning and optimization, hosting, development, and consulting:, Inc. and Twitter at: @2bits
Personal blog: Ba

netenberg’s picture

First of all greetings to the Drupal community

One of our customers has pointed us to this article. I was very surprised to read a first page Drupal article about Fantastico being "an insecure recipe for disaster". As all humans we do our mistakes but we had never been accused to be such.

Following answer to Steven's article has been posted here:


thank you for the update. I have seen such postings in the past, I will see them in the future too. A few developers have difficulties with the growing popularity of their scripts due to Fantastico. I hope this is not the case with the Drupal developers.

First of all to the version issue, Fantastico installing an older Drupal version. As I see in the Drupal official changelog, the last two minor upgrades fixed no security issue:

Drupal 4.7.2, 2006-06-01
- fixed critical upload issue, see SA-2006-007
- fixed taxonomy XSS issue, see SA-2006-008
- fixed a variety of small bugs.

Drupal 4.7.1, 2006-05-24
- fixed critical SQL issue, see SA-2006-005
- fixed a serious upgrade related bug.
- fixed a variety of small bugs.

Our top priority when updating are security issues. Several times we have postponed a Fantastico release because at the moment we were ready to release, a critical security update of a script was released, so we postponed our own release in order to include the new update. This has happened with the new release (yet to come out) twice now resulting to legitimate protests by the customers for the delay.

If Drupal will not mark their releases as security updates, we will put them to the second row (unless it is a major update) and do them when critical updates are done first.

The rest of the article are a few further not explained accusations thrown together:

the only thing Fantastico really gives you is a broken, insecure install that is hard to update.

I don't know how it could be insecure when there is no security fix with the 2 newer Drupal releases. Since neither 4.7.1 nor 4.7.2 include any security fix, they offer an unsecure 4.7.2 KNOWING IT?

As for broken, I just read a report that "What happened was - the Drupal 4.7.0 ***crashes completely**, either after several hours of installation (the owner is still getting to learn the ropes), or after a couple of days (when articles have been posted and already a few users)." If this is really the case (our Drupals run fine), a short note from Drupal to netenberg would be enough and we would update asap.

whenever a new Drupal version is released, you must not just wait for Fantastico itself to be updated, but for this new version to be installed by your provider as well.

True but unrelated to Fantastico itself. And most providers update within 24 hours (using the automated cron job) when a new Fantastico version is released.

Actually that was all Fantastico does bad (according to Drupal's Steven). And that is enough to make a first page article and name it "Fantastico De Luxe: an insecure recipe for disaster"?

No, wait, there is more: A reference to "the many support threads in our forums discussing problems with Fantastico". I went through them and most are referring to the ease of installation with Fantastico or are completely unrelated to Fantastico (example: look for a host with CPanel/Fantastico). True, some refer to problems but the sheer amount of links appearing when clicking on that link and the title "the many support threads in our forums discussing problems with Fantastico" make Fantastico look very bad -- apparently here it was the Author's intention.

Examples from "the many support threads in our forums discussing problems with Fantastico" (I will not make any selection but will follow the first 10 links appearing):

Link 1: "Fantastico De Luxe: an insecure recipe for disaster", will be ignored, we just discussed this.

Link 2:
"Lots of errors, new install, 4.7 via Fantastico"
Rosamunda answers: "The problem came because I´ve installed Drupal 4.7 via Fantastico on MySQL 4.1 instead of 4.0. I don´t know if the issue cames because of Drupal or fantástico, because I´ve tried the same without Fantastico, and have the same problem. Apparently is a "collate" problem, the database doesn´t get that you want all the tables on utf8_general."
Please note: "I´ve tried the same without Fantastico, and have the same problem"
Not a Fantastico issue?

Link 3:
Upgrading from version 4.6.5 to 4.7 using Fantastico
"Hello, I've been using Drupal for about two weeks and LOVE IT!!! Anyway, how do I upgrade Drupal using Fantastico? So far, Fantastico still tells me that the most recent version of Drupal in 4.6.5, but I know that is incorrect.

Is there a really easy way to upgrade Drupal with Fantastico?

Also, why doesn't Fantastico see the new version of Drupal.

Thanks in advance for your help!!"

I wouldn't name it a Fantastico issue. The author certainly should post this in the netenberg forums.

Link 4:
"So, what host providers are REALLY Drupal friendly?"
Not related to any issues with Fantastico, many references to the ease of installation with Fantastico

Link 5:
Fatal error for Drupal 4.7.0 installed with Fantastico


We encountered problems for Drupal new installation with Fantastico which is still at 4.7.0.
Fatal error: Unknown function: node_get_types() in /home/teras/public_html/terasonline/includes/ on line 248
Fatal error: Call to undefined function: filter_xss_admin() in /home/teras/public_html/terasonline/themes/engines/phptemplate/phptemplate.engine on line 143"

This thread hasn't received any answer, I don't know if this issue has to do with Fantastico or with missing dependancies in the software installed on the server. In the netenberg forums there is not a single reference to this error, possibly not a Fantastico issue.

Link 6:
Wordpress vs Drupal; what's in a reputation?
References to Fantastico:
"I'd say that Fantastico installation of Drupal 4.7.0 is a bane to Drupal because it will crash and give a bad impression ." (no further explanation!)
"I propose also here that (or local Drupallers) should really talk to the webhosts (ISPs) to check their Fantastico scripts and upgrade default installation of Drupal to 4.7.2"
"I am very sure web builders like me (not a programmer nor PHP literate) will flock to get the Drupal installer like a hot pizza
Wait a minute...this installer is not for Fantastico and ISPs will not have them right?"

Obviously not a forum thread discussing Fantastico issues.

Link 7:
Getting a "fatal error" code...
"My site was recently made and I got hosting with Ezy Rewards PLUS. I chose Drupal as my content management and I am getting a fatal error code when I try to load my site. My site address is and the error message says "Fatal error: Call to undefined function: drupal_is_front_page() in /home/holmesey/public_html/themes/engines/phptemplate/phptemplate.engine on line 142"
Can you please help me fix it!"

THIS is possibly a Fantastico issue (as I understand from further postings in this thread). We will examine the issue.

Link 8:
2006 hosting providers evaluations
References to Fantastico:
"Though I've not used it they have Fantastico ready off the control panel for point and click installation of most of the popular OpenSource aps (including Drupal). "
"They also offer fantastico, which is nice since it'll automatically install/setup everything for your for drupal and other software."
" - freshly installed via fantastico"
"So far so good - they have Fantastico with Drupal 4.6.5 in their control panel, so the install took a couple clicks and all of 10 seconds. "
...and further references to hosts with Fantastico

Link 9:
Fatal error after changing settings
"I searched the forum before posting this problem. There is a similar error but the person has not informed how he/she solved the problem. I installed Drupal through Fantastico on my site I was able to login to my administrator account and was successful in changing a number of settings. But when I clicked the "Themes" link under the "Administer", I got the following error. Ever since, I am getting the same error when I try to open the site by going to
Fatal error: Call to undefined function: drupal_is_front_page() in /home/aigroup/public_html/cms/themes/engines/phptemplate/phptemplate.engine on line 142
I would be greatful if anyone could help me with this problem. Thanks in advance."

Same issue as link 6 above, probably a Fantastico issue.

Link 10:
My honest impression about drupal
(Long initial post, unrelated to Fantastico)
References to Fantastico:
"I installed Drupal with Fantastico tried it and found it a bit hard then uninstalled it and tried Mambo loved how easy it was to install but that was it within days I came running back to Drupal with arms wide open."
"Virtually any modern web host seems to be running cpanel and along with it, Fantastico. Hostingzoom is the one I use, but there are many others. With Fantastico you can install the most recent version of drupal in about one minute, maybe less. You can also install shopping carts, discussion boards, wikis, all sorts of stuff. You shouldn't have to do this yourself. You're making life tough for yourself if you have a web host run on a steam engine. Cpanel and Fantastico will make your life a lot easier, so you may just want to take the leap to a modern host. One of the beauties of Cpanel, incidentally, is that you can backup your entire site and take it to any other Cpanel site. I did just that a while ago. Incredibly easy."
"Just to point out, many hosts do not have up-to-date installs of Fantastico, so you do not get the latest version of Drupal. Fantastico AFAIK does nothing to install modules either, which, if you've enough, are more a pain to install than Drupal itself."
"if you're moving to a host with Fantastico, you should make sure they keep up-to-date versions of Dru. why pay for something that isn't implemented right?"
"My first impression of cpanel was negative.
With a bit of use, however, I came to understand that it gives you a great deal of power. I can add and remove domains, mysql databases, do software installs with fantastico"
"drupal install is easy with proper server/hosting environment.
4) got to fantastico and click on drupal"

Now it is up to you to judge if Fantastico is an "insecure recipe for disaster" or if Fantastico helped making Drupal very very popular.

Since we respect authors a little bit more than the freedom the GPL license gives to us, if we receive an official request from the Drupal team, we will drop installation of Drupal completely.


As stated above, if the Drupal team wishes, we will drop auto-installation of Drupal in Fantastico. However before doing so, ask users of Drupal how they have found out about Drupal. Maybe the best would be to just point them to the netenberg forums ( ) for any issues you think are Fantastico related. And contact us whenever you think there are minor or major issues. This will make the whole look more professional than a first page article about recipes for disaster.

Ilias Moisidis

shouchen’s picture

I've never used Fantastico, so I don't really have an opinion regarding this thread... however:

First of all to the version issue, Fantastico installing an older Drupal version. As I see in the Drupal official changelog, the last two minor upgrades fixed no security issue:

Drupal 4.7.2, 2006-06-01
- fixed critical upload issue, see SA-2006-007
- fixed taxonomy XSS issue, see SA-2006-008
- fixed a variety of small bugs.

Drupal 4.7.1, 2006-05-24
- fixed critical SQL issue, see SA-2006-005
- fixed a serious upgrade related bug.
- fixed a variety of small bugs.

Looks to me like these three are security issues... in fact the home page says that 4.7.2 corrects "two security vulnerabilities".

- fixed critical upload issue, see SA-2006-007
- fixed taxonomy XSS issue, see SA-2006-008
- fixed critical SQL issue, see SA-2006-005

wonderland’s picture

Come on, this is ridiculous! You say that there have been no security fixes in the last two updates and then post the changelog as a proof. And that same changelog says 'critical' all over it...

To help your understanding, I marked everything in bold that tells people with a minimum of knowledge about web applications that there are important security fixes:

Drupal 4.7.2, 2006-06-01
- fixed critical upload issue, see SA-2006-007
- fixed taxonomy XSS issue, see SA-2006-008
- fixed a variety of small bugs.

Drupal 4.7.1, 2006-05-24
- fixed critical SQL issue, see SA-2006-005
- fixed a serious upgrade related bug.
- fixed a variety of small bugs.

What does XSS mean to you? Could it be cross-site-scripting? Wow, but then it would be a security issue, right? One of the most common security issues in web applications, actually. You should know that when you make money by selling installations tools for web applications...

And what about something like SA-2006-005? Looks like it could be a security anouncement, right? Well, it is! And you should know that as well. But at the same time you should be subscribed to the security anouncement mailinglist to receive all the announcement and react quickly. Apparently you're not.

Not to mention, that both updates were explicitly labled as security updates on What else do you expect? What is required to make you aware of security updates? Maybe a special paragraph in the changelog:

"Dear Fantastico developers, this changelog entry does not only say critical and mentions security related terms everywhere, it actually is a security update. Again: SECURITY UPDATE! That means YOU HAVE TO UPDATE FANTASTICO because there are SECURITY ISSUES!!"

Well, I guess it wouldn't help either. So much about Fantastico and security....

Sorry, but you just disqualified yourself, your company and your product. I thought that this thread is way to harsh, but after reading your post (in which you give excellent proofs of your knowledge) I can only agree with the original author: "Fantastico De Luxe: an insecure recipe for disaster".

..- Wonderland

netenberg’s picture

Thank you for your explanations to me ignorant. I am not on the technical side of the things -- like most of your end users I guess -- no matter if their installation was made manually or using Fantastico.

Next time I will consult an abbreviations directory when reading changelogs :)

Ilias Moisidis

Heine’s picture

To anyone reading this & using / offering Drupal: please subscribe to the security announcements mailing list via This page also offers an RSS feed with advisories, if you fancy these new technologies.

If you do subscribe to the security announcement list, think twice about setting an out-of-office reply.

wonderland’s picture

I am not on the technical side of the things -- like most of your end users I guess -- no matter if their installation was made manually or using Fantastico.

But isn't the whole idea of Fantastico that you're on the technical side of things so your users don't have to? Your users rely on your knowledge! And you just told them that you don't know more then they do? Unbelievable...

..- Wonderland

moshe weitzman’s picture

fantastico users are outsourcing to you the responsibility to keep current with security updates. your admission that you are non technical and don't understand security abbreviations is a big problem IMO. frankly, you should hire someone who does understand or you should stop providing your service. you are jeopardizing the data and servers of all your customers. this is a scandal.

calebgilbert’s picture

I come from the political world. Think a politician ever pops in a thread and actually holds a discussion? Cut the netenburg guy some slack. At least try to steer it into a productive direction.

Frankly, Drupal IS a pain in the ass to install unless you have some decent experience. And that says nothing about keeping it running. I'm a total noob who's picked his head clean from trying to get and keep a cms running for a year and a half, and somehow I'm glutton enough to stick with it.

Besides, in ten years they'll have a button in microsoft word that lets everyone deploy something ten times more powerful (and bloated if it's coming from M$), but until then let's ratched down the shrillness....

Maybe one day soon someone will get the idea to deploy heavily pre-configured Drupal installs and support them in a way end-user's would need.


Hosting for pre-tuned/pre-configured Drupal installations
No set-up time, instant fully-functioning site with many extra modules
Drupal specific support, SSH/FTP/cPanel

chx’s picture

I only checked the first one, but the original author of does not say that the same was experienced without Fantastico, that comes up in a reply. The problem is that the database gets installed with incorrection collation, and that, indeed could happen without Fantastico. However, a script could (and actually should) take care of this thing instead of bleating here "not our issue". It is yours to set up the database correctly and use the relevant database script provided with Drupal.

The security stuff is also hilarious. The biggest problem is that you just proved that you are not subscribed to Secunia or anything similar because we (you know what? not we, that's too general, I tell you who: Uwe Hermann did so far, and I know that because until very recently I was the security team leader) always post our security announcements to Secunia.
The news is Now Public | Drupal development: making the world better, one patch at a time.

Drupal development: making the world better, one patch at a time. | A bedroom without a teddy is like a face without a smile.

Dries’s picture

Of all CMS projects, Drupal stands out because of its security infrastructure. We post security issues on the main page, on a dedicated security page, in a dedicated RSS feed and we notify people by e-mail through a security announcement mailing list you can subscribe to. In addition, security issues are cross-posted/forwarded to bugtraq, secunia, etc. It's hard to ignore Drupal's security advisories. ;-)

I am not familiar with CPanel; I've never used it. As a result, I can't comment on their service. Other distributions like Debian and Gentoo are also slow upgrading Drupal (at times). Slow upgrades are a problem and a source of security issues. Distributions, or middle-men, have both advantages and disadvantages. But at the end of the day, they are an important part of the Drupal ecosystem. So I, for one, am happy with the fact that Netenberg supports Drupal.

However, I second that the tone of Steven's post is somewhat offensive. Based on frustrations, it seems. Steven wrote: In our eyes, Fantastico hurts Drupal and its users more than it does good. Even though Steven wrote 'our eyes', I don't necessarily agree with his premise. Before I can agree with such statement, I need factual data. What is Steven's claim based on, and what steps did he try to fix the problem? Did Steven contact Netenberg about this? Did they ask them to upgrade? Did he file a support ticket to Netenberg/Cpanels issue tracker? It's not clear to me but maybe he did all that, or maybe he knows someone who did all that.

Much like we encourage our users to work closely with the Drupal security team, we should be willing to work with other projects' security teams, and encourage our users to do the same. If Netenberg needs to upgrade their Drupal version, ask them to. Go to their forums, file a support ticket, or use their contact form. They have the infrastructure in place, and they have resources to fix such problems. From the looks they are both responsive and friendly (despite being flamed).

Let's hope that in future, Netenberg is quick to respond to Drupal security issues, and let's try to work with Netenberg rather than attacking them in public.

carlmcdade’s picture

I wrote about this almost two weeks ago after a fiasco with several Joomla sites and one Drupal site.

The problem is not if or when auto-installer makers fix or upgrade but a problem with latency between parties, communication and ownership of security holes. Fantastico and others like it cannot respond fast enough to security flaws and they do not communicate the drawbacks of their systems. When you add this to the fact that the web hosting companies have to have time and be willing to make upgrades along with website owners that are not in touch with their websites you get a recipe for disaster.

While opensource projects cannot officially say no to auto-installers they can strongly advise that they change their distribution systems so that the final end user is informed of any potential insecurity in the software they are using. This can be as simple as a offering a newsletter or go as far as adding a "phone home" script to their distributions.

Hiveminds Magazine
for web publishers and community builders

Dries’s picture

Do you use a Linux distribution? How do you upgrade MySQL, PHP, Apache, Qmail, etc, etc? Linux distributions have the same problems, yet everyone uses them. Are they a recipe for disaster? Interesting discussion. :)

carlmcdade’s picture

My quess would be that when it comes to Linux software and other highly used programs that there is not such a problem when there is no dependancy. If you take an example of Apache 1.3 having a security hole on my CentOS Server. I can simply update the installation manually from any distribution and then go back to using apt-get or another updating system. This is the same with Linspire and my MySQL database. In an emergency I can get the latest from MySQL but the Linspire system will still give me notices and allow me to update from their servers afterwards.

Fantastisco ( we should not leave out Installatron) has no such direct system. The upgrades come secondhand from the web hosting company. If you upgrade on your own then you cannot go back into the Fantastico system. This leaves CMS software users with a difficult choice and while they are trying to make that choice they are in danger of being hacked. It is counter-productive to the establishment of security teams and newsletters.

Hiveminds Magazine
for web publishers and community builders

Gunnar Langemark’s picture

However much I do like Fantastico and other tools that ease my day to day fiddling with OSS and scripts, I still maintain that it IS a dangerous path to follow, and that it is indeed luring those of us who are not fully professional system administrators into having old and insecure installations - even of Drupal.
It is not that there's a fundamental difference between Debian and Fantastico - both will offer you old and probably insecure software in an easy to install way.

But whereas Debian is not exactly targeting the "uninitated" (and NO far from everyone uses Debian! Don't forget that Drupal is becoming an "end user tool" !), you can make the case that Fantastico is EXACTLY targeting the less educated of us. This means that they are asuming a responsibility - at least morally - regarding the security status of the installs that they offer.
In this thread we can read about several pitfalls in this model, and I've been convinced by the discussion, that the concept of Fantastico does have some weaknesses. And I have seen that Fantastico people do not really take that responsibility seriously.

That does not mean Fantastico is useless or evil in my eyes. It just means that those of us who know this - ought to raise a flag, and make sure that we've done our part to let people using Fantastico and other scripts like it know that these shortcomings are there.

Not upgrading your site is your own responsibility, and the risks can be calculated. It is not the fault of Fantastico. It is however somewhat their responsibility to make users aware of the facts.
In my opinion at least.

Gunnar Langemark

vph’s picture

A few comments.

+ It's undeniable that something like Fantastico has been and is very good for Drupal. Especially, when Drupal was relatively unknown just a short while ago. If true, Drupal owes some to Fantastico.

+ It seems that your comment (and the post at hiveminds) direct generally at auto-installers, rather Fantastico itself. Moreover, a quick read from the post seems to underline an inherent problem with autoinstallers rather than a specific bug, or practice, etc. What you say, I think, is true in that if there is a middleman in between in upgrading securities issues, then naturally the process will be slow and error-prone.

But this is the nature of the practice. If you are new to Drupal and not technically oriented, then autoinstaller is a great thing. If your works require the latest securities update of Drupal, then you should take care of everything, installations, updates by yourself. Of course, there are things in between, but no solution fits everyone, every situation.

I'm not saying who is right in this case, but things but be seen in these lights.

TheWhippinpost’s picture

This is all about communication.

Clearly, the Netenberg representative would like to see the actual words, SECURITY FIX, in the title (or somewhere) of the changelog rather than interpret what he percieves is just pseudo-blabber... reasonable request in my eyes and should come under usability.

If Drupal can accomodate his request it can only be a good thing in the long-run.

Conversely, if Netenberg can engage more with the community and have the conversation then he/they would know about the security RSS feeds etc...

As any marraige guidance service will tell you, it's all about communicating and listening :D


Heine’s picture

As you can see from the 4.7.3 changelog:

Drupal 4.7.3, 2006-08-02                      
- fixed security issue (XSS), see SA-2006-011 

The Manual | Troubleshooting FAQ | Tips for posting | Make Backups! | Consider creating a Test site.
TheWhippinpost’s picture

... you know what I'm saying, stop nit-pickin ;p


Heine’s picture

reasonable request in my eyes and should come under usability. If Drupal can accomodate his request it can only be a good thing in the long-run.

ie granted. We do listen.
The Manual | Troubleshooting FAQ | Tips for posting | Make Backups! | Consider creating a Test site.

cpdan’s picture

Hello all,

The Drupal dev's could maintain and distribute their own cPAddon of Drupal so it could be installed with one click
from cPanel and always be up to date, as per

HTH, have a super day everyone!
- Dan Muey

[ED:This comment was updated upon request of the author, by Amazon]

eaton’s picture


Thanks for the comment -- it's cool to hear that you're working on abstracting that kind of stuff out. I just read over the docs for your cpAddon system, and part of the difficulty is that Drupal implements its own built-in upgrade system. It's more than just moving files or running a mysql file; ever Drupal module is capable of checking what the currently installed version is, and running its own data conversion scripts, etc.

The new installer works in a similar way -- rather than installing a monolithic .mysql file, it looks at the list of modules slated for inclusion in a given 'package,' and gives each of them a chance to do their own setup/updates/prep work/etc. In looking at the way your cpAddons work, it appears that one would have to create a fully configured Drupal site, go through all the installation steps, then make a SQL dump and grep through it for bits that would need to change for the cpAddon script.

Is there any way to create a cpAddon that would *only* do the necessary steps to get the Drupal Installer ready to go? Perhaps making sure permissions are set up, creating the database and database user (but not populating any tables), and then directing the user to Drupal's own install.php page?

Eaton's blog | VotingAPI discussion

Bèr Kessels’s picture

Eaton, Dan,

Just today I did some more massive work on Sympal scripts. It is a lot more work then anticipated, so tis not going as fast as I would hope. In any case, this particular issue could be solved too, with these scripts.

Sympal scripts are/will present consistent commandline APIs and interfaces for any 3rd party system. Any system, (including Cpanel addons, from what I can find out) , which can talk to the commandline can then installupgrade/maintain Drupal.

As it (sympal scripts) is now, it is a still a big inconsistent script spagetty, but i am confident that it will solve a lot of issues like this cpanel stuff. when we use sympal scripts as API towards Drupal, the cpanel people need not bother about Drupal version,s its upgrade scheme and/or any other weird upgrade system we (Drupal) have in mind. All they need to do, is talk to the commandline api, which will sort out all the hard stuff.

intended usage manual of the scripts
the scripts themselves, make sure to check out the fabulous aptitude alike module installer (module_fetcher) by JM Renouard!

Professional | Personal
| Sympal: Development and Hosting

DawnsWebDesigns’s picture

My hosting co's Bluehost & they have Fantastico. I had a karaoke site I built with Drupal. One day I went to check on it & it was gone. The directory was still there...but the site wouldn't come up. I found out Bluehost or Fantastico one took Drupal off as a possibility. I guess when they did it somehow messed up my site. And I couldn't use Fantastico to take anything back off. I had to go in & delete the directory/database myself. All that hard work...all those mods I added...down the drain.

I also used Fantastico to install a phpbb forum. Then I logged in...went to the admin area...& it said I was already a version or two behind. Eventually...a link appeared for "updating". I tried their updating link once & lost another site cuz of it. I will never use Fantastico again.

Michelle’s picture

That was probably Bluehost's doing, given this thread:


DawnsWebDesigns’s picture

I'm sure you're right about Bluehost...but I prepaid for a year/am stuck with them for now.

But I've been with them for several months & have used Fantastico several times. A few softwares they offered to install "with a click of a button" never worked...& they disappeared off the list. I still don't think the php links or FAQ's softwares work right...but I gave up messing with them/haven't tried in a long time.

I've installed Drupal & Joomla...a few times. I've also installed phpbb & SMF...a few times. Then I've installed at least 2 blogs. As soon as I install these softwares they tell me they're out of date & I need to update. It took forever (seems like) for the update link to appear. I used one once...only to have my entire site crash. And I'm a goofy hag who didn't back things up...which is why I've had to rebuild/set-up sites A FEW TIMES! When they say back up your yourself a favor & do it. ;-)

In closing...if someone wants a personal site & has no interest in learning web site design...Fantastico may work for them. But if someone really wants to be a "web site designer" & build professional sites for businesses...they'll have to learn how to upload/install/set-up/update anyways. They should learn the right way right off the bat. It's a frustrating process...especially for the self-taught...but at least you're gaining knowledge versus only frustrations. :-)

Michelle’s picture

Oh, I never meant to imply that Fantistico was good. Personally, I agree with the OP. I was just saying that, in this case, it was probably Bluehost to blame for what happened as they suddenly pulled support for Drupal so may have taken it out of Fantastico. Though, that is another point. If you install with Fantastico and suddenly your host no longer has it in Fantastico, sounds like you're screwed?


EaglesNest’s picture

My hosting co's Bluehost & they have Fantastico. I had a karaoke site I built with Drupal. One day I went to check on it & it was gone. The directory was still there...but the site wouldn't come up. I found out Bluehost or Fantastico one took Drupal off as a possibility. I guess when they did it somehow messed up my site. And I couldn't use Fantastico to take anything back off. I had to go in & delete the directory/database myself. All that hard work...all those mods I added...down the drain.

I would like to ask one very basic question.
Did you by chance have a backup of your site before this happened?

If the answer is no, then I would suggest the next time you have a web site that you only check on once in a while you set up an automatic backup of the site at least once a day for changes, and once a week do a full backup. That is just common practice for any type of computer usage. If you would have had a back up of the previous day, and a full backup of the previous week your system could have been restored by the system admin and everything wouldn't be "down the drain"

Just a suggestion.

I also used Fantastico to install a phpbb forum. Then I logged in...went to the admin area...& it said I was already a version or two behind. Eventually...a link appeared for "updating". I tried their updating link once & lost another site cuz of it. I will never use Fantastico again.

That would be on the host to be sure that the Fantastico scripts were upgraded, not Fantasico, if the host does not have the proper cron jobs running to get the updates, or does not keep up with SA's (oops, I mean Security Annoucements) then you cannot or at least should not fault Fantastico as it is the hosting companies responsibility to update their versions of released software. Fantastico (Netenberg) is only responsible for making the updates available not to go to the millions upon millions of hosting companies and say "Come guys, you need to upgrade to the latest versions..." I would assume that Netenberg believes they are dealing with professionals at the hosting level therefore would not need to treat them like they were grade school kids and lead them by the hand to the "library".

Another thing that I would also like to mention here. Everyone seems to forget that Fantastico installs a basic canned installation. If you make modifications to the software after it has been installed and the author does not take into consideration that there may be mods on top of the canned install, then Fantastico is not at fault for overwriting your site, the author of the software is for not at the very least warning you in any mod you install to NOT do a re-install of an upgrade using an automated script. How in the world can any author be aware of ALL the mods that someone might make to their installation. I challenge you to install MS-Office, and when a new version comes out, re-install it without loosing all of your "mods" it is impossible for any author to take into account all the modifications that could possibly be written for any given piece of software, especially those that are under the Open Source License.

How can Fantastico be at fault when you, the webmaster, is the one that clicks on the link to upgrade without first doing your homework and making darn sure that the upgrade will not overwrite your modifications. In addition, I am sure that each and every release of any software updates, or upgrades will emphasize to make a backup of both the MySQL database and the site before performing any upgrades, that is only common sense.

You could also make a test directory, copy over all the folders from the old installation to the test directory and perform the upgrade on that directory first before you install it to a "live" site. Again, that just is common sense as well. The really beautiful part of Fantastico is that I can create as many installs as I need from there within a few minutes. Let's say I do an install of Drupal I could then turn around and install a second one at then if I were smart I would install the mods to the second one, check them out, be sure they worked as I expect them to work, and test test test, then and only then would I dare to move it to a "live" site. Once the offline was fully tested and I was comfortable I would then make those same mods to the "live" site. Now given those facts lets look at the Fantastico upgrade, first I would upgrade my offline site and again, test test test, only when I comfortable with the new upgrade would I then perform that upgrade on my "live" site.

I guess what I am saying here is that all of the complaints that I am seeing regarding Fantastico, hosts, security issues not being titled right, holes in the software, live sites be "gone" it seems as though everyone is missing one very important basic rule and that is use a test box, or directory for making any mods first, AND make sure you have complete backups of any site BEFORE you upgrade anything.

I apologize if this post sounds like I am standing on a soap box, but I really get frustrated when I see anyone tearing down the good work of any author that is freely giving his time and effort to produce quality software at no COST to the end user. You know we could stop all of this bickering and just say forget it we will never use Open Source applications again and pay $1500-$3000 each for software applications that we want to run on our boxes, that way those authors would at least have the money to write the sophisticated scripting necessary to reach out and touch every single mod ever made for their software, and they could install idiot proof upgrades that would warn you serveral times to make a backup, and check to see if the backup exists and if not, then further idiot proof the upgrade to perform the backup itself.

Albert R Toia
CEO - Eagle-Hosting, Inc.
Tell your friends and family about us.
We are CMS friendly and offer a very robust hosting system.

Michelle’s picture

First of all, why are you dredging up a 3 month old thread?

Second, "any author that is freely giving his time and effort to produce quality software at no COST to the end user. " doesn't make a lot of sense. I could be wrong, but I thought the hosting companies paid for for fantastico? Even if they don't, I don't agree that you can't criticize free software. Just because something was made for free doesn't make it perfect.


My site:

dudez12’s picture

I have installed Drupal with fantastico 3 weeks ago, so I had no way of knowing about the problems it can cause. Is there any way to "detach" my drupal install from Fantastico, so I can update it myself?

sepeck’s picture

Interpret the thread.

If you install with Fantastico, then you will need to pick one path to maintain your site. Either upgrade through Fantastico ONLY and trust they have done their job, OR upgrade manually and don't use the Fantastico installer to update your site beyond the intial installation.

In any case read the best pratices and make sure you know how to backup and restore your site first. Then if anything does go horribly wrong during an upgrade, maintaince, change, etc you have the confidence of knowing you have trusted and TESTED backups and a restore proceedure so disaster is merely temporary and annoying and not catistrophic.

-Steven Peck
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain

-Steven Peck
Test site, always start with a test site.
Drupal Best Practices Guide

dudez12’s picture

Since I have installed with Fantastico, would it be a waste to pay my webhosting company to update drupal for me, or is it possible and worth the money?

Muslim guy’s picture

I'd say you can make learning installing it worth your time.

Since the latest stable version is 4.7.3 or 4.6.9, maybe you can learn isntalling it manually.

I remember having a 50-MB domain with no Fantastico (and only HTML knowledge from Geocities free websites). I'd scoured to find CMS and useful scripts.

And I HAD to learn installing osCommerce and customizing it.

So when I got a new domain with Fantastico - it was experimenting with many CMS and sticked to Drupal (that was 4.6.3).

The knowledge from installing manually was then used when the need to install stable Drupal version (the need to not depend on Fantastico)

sepeck’s picture

The choice is yours. I have never used Fantastico. But then I did go through learning to install, move, backup and restore Drupal sites on purpose.

-Steven Peck
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain

-Steven Peck
Test site, always start with a test site.
Drupal Best Practices Guide

sacxtra’s picture

Okay reading through these threads, I come to the conclusion that if I want a bleeding edge secure production drupal, I must sever the cpanel/fantastico ties.

I installed several drupal[s] at several different dates. The 4.7.0 update was the nightmare that killed one domain that I run.

HERE IS HOW. (from my vague memory in the 4.6 -> 4.7 upgrade era..)

I got security update from in my email.
The particular update mentioned some crap about msql update. I mistakenly ran the update.php or upgrade.php (I forget which now) and it trashed the database on a site that was up for 2+ years. Luckilly I know the owner of the ISP who bailed my ass out by creating a full backup of everything in our account, I rolled back to that and then was able to press on.

My current stratigy is to read / grep through the "patch" and download the latest drupal tar.gz then extract the modules effected.
This is because several years back in the (4.6x / 4.5.x days) I had installed initially using fantastico.

Personally I don't need fantastico. I used it for speed at the time. I didn't NEED IT. But THE FACT IS I USED IT. But now this insanity of oh it's this or that, is too much for me, I got other stupid problems in my life that I don't have time to argue who is right or wrong. The problem is we are talking security. I ain't a guru, but I also ain't stupid. Someone is dropping the ball and if I had to point a finger it'd be at the cPanel+Fantastico folks.

TODAY (Aug 4th 2006)..
today I got another security email from drupal for user.module I just ( ftp ) replaced user.module after downloading all of drupal 4.7.3.tar.gz
I then edited the fantversion.php to 4.7.3.

Am I patched?!

I have not relied on fantastico for upgrades since 4.7.0 (prior to 4.7 I always had trouble with themes with fantastico upgrades, Minor dilema compared to getting the core running stable.)

I would have to say I would desire the CORRECT path to snip the embilicle cord of fantastico. Nobody told me to touch fantversion.php . But, Like I said I ain't stupid. I did analyse cPanel and fantastico on a production box, but I HAVE NOT been able to just test out drastic ideas. Anyway touching fantversion sets fantastico to say "Manual Upgrade Only." But what happens when Drupal + fantastico goes to version 4.7.3? I should just change the number to v9.9.9 (But then EVEN I CAN"T TRACK THE DAMN VERSION!)

Can anyone out there grasp the dilema?

Personally I have noticed the whole support for cpanel+fantastico is less than desirable for co-sysadmins who haven't purchased it. I can't even dig into their support! I don't really give a crap who is at fault, I only hope that the owners that be become enlightened and smooth this problem out. I also noticed that co-sysadmin can't run a copy of cpanel to analyze it. I feel a diminishing return a comin for cPanel+Fantastico.

I *understand the need* for cPanel and fantastico. It's expensive software. But there should be a solution to this.

What is running through my mind right now is how I can stay on top of Drupal upgrades without fscking up my database again. My ISP did it for me once cause I know him personally, but he ain't gonna be so happy to do this again. In short I got lucky cause I do a lot of work for him for free.

This security upgrade didn't mess with tables. I ain't sayin I Cant deal with modifying tables. I can. But if a script is supposed to do it for ya, and your box ain't hacked/owned/trojaned, then the script should do it's job. I SAW FAILURE.

How EXACTLY does one cut the tie with fantastico without going through a bunch of crap. I know at least one way. But I don't have the BANDWIDTH to do it myself from my location. I am on a friggin dialup currently. Backing up 500MB is a two week process for me personally.

I do not see this as drupal's fault. But if Drupal can bail us out of this mess GREAT!

mwu’s picture

for all of you who don't want to do install and upgrade,
I've really liked opensourcehost. I'm moving the rest of my sites over. When I botched one of my upgrades, I simply asked them to do it.
they install and upgrade for free if it's not heavily customized. they'll even install modules and patches. i'm going to ask them to upgrade my six sites to 4.7.3

They are not paying me.

hc2’s picture

I agree with you that this is bad situation. I had this happen to me that I installed drupal 4.7 via fantastico and it didn't work at all due to the collation thing.
The hosting site support announced they didn't support drupal and that was the extent of their help. I note that they still do not offer a more recent version than 4.7. Irritating is right.

However, given the very widespread
usage of fantastico combined with a lot of hosting sites that will not allow
customers to access a login shell, the reality is that it sure would
be nice if drupal managed to peacefully coexist with fantastico. Is it really that
difficult? Other cms projects are not having as much trouble in this area eg
joomla. I installed joomla via fantastico and it worked fine and also it upgraded
fine. Maybe joomla knows some tricks about fantastico or mysql or php? If it was me, I'd be looking at what they send to fantastico for clues just in case
there's something in there I didn't know about.

(But an updated version of joomla did not appear in fantastico until after I had complained to the hosting site. I think that the hosting sites have more to do with what happens with fantastico than we think. This is a classic bureaucracy buck passing scenario, when there are multiple entities in the loop to getting something done, every entity blames the others so they all can happily not do anything. :-)

The other way to go would be to create an open source installation scheme
that competes with fantastico and is easier to deal with. (And would it be
too much to ask to have a version run on windows also?)

.carey’s picture

I installed three Drupal sites using Fantastico. I used it to save myself a few steps of setting up a database. The installs worked perfectly. Then, I downloaded the latest version of Drupal and did a manual upgrade by the (hand)book. I left the fantastico files, htaccess, and settings.php as is and replaced everything else. Ran the update.php file, and everything went beautifully. Then I changed fantastico.php to say the latest version - mostly for my own reference for future (manual) upgrades.

Since Drupal is so easy to upgrade -- not many files -- it doesn't take but a few minutes to do it manually. When I received the security report via email to upgrade to 4.7.3, it only took 5-10 minutes per site. Too easy.

I think Fantastico serves an important function for open source software. Namely, it gives the average person a quick install to test and evaluate open source software with relative ease. This is how I learned of Drupal.

andybold’s picture

No fingers to point here...

... just experience to share.

I too have been less than impressed by Fantastico upgrades.

Although I have installed Drupal many, many times, about 18 months ago when I saw Fantastico offered a Drupal install on my hosting account, and one that matched the current release, I pointed and clicked, and had the site up and running a few minutes later.

A few weeks later a security release was made and I visited my Fantastico control panel page, which was still showing the older release.

"No problem - it's only just been released, the admins will need to upgrade things at their end."

A week later, still no update. Call logged with Tech Support who said that they were waiting for a Fantastico update.

A few days later and Fantastico was updated with new versions.

I backed up, then started the upgrade process. The first message I remember seeing was "Make sure you removed all your additional themes and modules", and my first thought was "Huh? I thought that this was supposed to make things easier?"

Next I did what I should have done in the first place.

  • Download the latest release from
  • tar xvf drupal-x.x.x.tar.gz
  • cd drupal-x.x.x
  • rm .htaccess sites/default/settings.php
  • ncftp -u myaccount -p mypassword -R *
  • Once uploaded, visited
  • Clickety, clickety, site upgraded with none of that module and theme removal.

And then I wrote a script to make things easier the next time. So far, with one exception caused by the use of a CVS version of a module that I had failed to keep up to date, I have never had any problems.

One time I did try upgrading an old 4.6.x test site to 4.7.0 via Fantastico. Pain Happened. Or would have happened if I had been worried about the site content.

I also built a test site, deployed some modules and themes, and then upgraded via Fantastico without removing those modules and themes. (Something that I easily see an average user doing when they get Upgrade Fever and maybe don't read the Fantastico instructions as well as they could. Or do read them and think "What can it hurt? And why would I need that backup they mention?")

One word: Ouch.

So, lessons learned.

  1. Manual install is simpler, and more reliable, than "friendly" front end installers
  2. Always backup a site before an upgrade. (Yeah, I know, it says this in the documentation, but you must repeat the Backup Mantra at every opportunity.)
  3. That there are opportunities here:
    1. For Netenberg to improve Fantastico so that you don't have to remove modules and themes prior to an upgrade. Never expect a user who is using an easy to use front end to do what may appear to be difficult things.
    2. For Drupal devs to, maybe, look at ways of making the install process even easier than what is proposed for the new installer. (Haven't had time to check the roadmap/features list for this yet, but it would be *great* if the new installer version checked modules and themes, and disabled incompatible modules and themes automatically.)
    3. For a module developer to maybe take a look at how Typo3 handles component installations, and apply that to Drupal modules and themes.

Regarding those last two, my PHP-Fu is distinctly novice right now or I would do it myself.

A word of defence for Fantastico - having the feature available on my web host has allowed me to painlessly try out a few other systems that I haven't looked at before. Getting Typo3 working, for example, had caused me problems in the past, but was a quick point-and-click deploy with Fantastico.

Maybe the same thing will happen (has happened?) with Drupal users, and the community can grow a little more.

Although it would be nice if their first Drupal experience wasn't "Fantastico hosed my installation!" ;-)

Figster’s picture

I was just looking for a CMS for a new web site I was building, so, I went to Fantastico in my cpanel. Under CMS Drupal was listed first, I read down the list...geeklog, joomla, mambo....... xoops. Ok, they are in alphabetical order. Let's see, I have tried joomla, loved it.. but a little heavy for what I wanted on this site, mambo, tried it.. liked joomla better... hmmm, several on here I have not tried. So I picked phpwebsite... HATED IT!.. back to Fantastico.. let's take a look at Drupal. ( I like to read the forums before I install) Wow.. first thing I see outside of a new release is "Fantastico De Luxe: an insecure recipe for disaster" Of course this is a thread I need to read before I do an install.

Good lord what a thread it is.

I am not a programmer, I do some programming, because I had to. I have never installed an open source program that I did not have to adjust the code in order to get it to do what I wanted it to do. I expect that from an open source project. The whole idea of an open source project is a group contributing to the same goal. While I am on that subject let me also say, and correct me if I am wrong, that the number one goal of any program or programmer, is to make the end product user friendly. Otherwise, windows would never had been created, and all web users would be programmers.

I am a user. I use programs to do work that I need to have done for my end users. Since I surf the web, I am often an end user too. Thank the web gods for programmers that have strived to make the web user friendly. As a user, I do not want to spend more time than I have to programming my site. I want to spend my time creating content, and promoting my site.

Whenever I install a cms system, or any web program, I have found it best to do the updates manually, no matter how I installed it, because ANY other way usually creates problems with my content, or with the add on's I have installed. I have never had a problem with a Fantastico installation.. due to Fantastico. I did leave a host for another because the host caused problems in the programs. Usually a safe mode or a global's problem. ( I am not going to light that match here). Like one of the post here pointed out, just after install you go to your new admin only to find out your install is out of date. There is a red sentence saying "an update is available", with a "download now" link. You see, they program checked for the updates. I hope Drupal does. I never worry about Fantastico updates, as I do them manually anyway. As I see at this moment Fantastico is installing Drupal 4.7.2 and I see 4.7.3 is already out.

A users point of view: After having read the thread, I see that many believe in Drupal, so, I am going to go install it. I will use Fantastico to do it. I will explore Drupal for a day or two, if I decide to keep it, then I will install the update manually. I wish they would write updates to insert the new code, or change the code, without having to delete the changes that have been made, unless they are in direct conflict.

One final note: I would think that you would want Drupal to become as popular as any other cms out there. In order to do so, maybe you should consider some footer links, some template designs, and help FANTASTICO, or any other installers promote your cms. After all, I would have never heard of this program if it were not for Fantastico.....

Da Figster.
Having abandoned my search for truth, I am now looking for a good fantasy. Drupal friendly hosting at

Figster’s picture

My last post above was 25 min ago and already I have uninstalled phpwebsite, and installed Drupal using Fantastico, put in my logo, adjusted my settings, selected my theme, enabled modules, and blocks.

WOW was that easy! No programming! No errors! So far, the Fantastico critics are looking week.

Drupal preliminary evaluation: Awsome! I have never had an easier time with initial set up! The ability to replace the logo that easily.. I have never had it that good, I usually have to search to find where the logo links are and alter the code, or alter my logo to fit.. this was a simple upload via the admin section. So far, Drupal is looking really really good.

I will get back to you in a few days to let you know more of how I am doing, and what I think.

Da Figster.
Having abandoned my search for truth, I am now looking for a good fantasy. Drupal friendly hosting at

Muslim guy’s picture

Drupal as it is today...... since it was 4.6.3 (around August 2005) - has been like from hypes and `Powered by Drupal' logos and hard-to-remove links

Popular does not equal - Power and Flexibilities

But only Drupal CMS is popular, powerful, and flexible - not because says so, but because `power users' say so from their own experiences

Yes, people still use PHP-Nuke even though it is buggy and has many security vulnerabilities because it is popular - but the cost is on the user, not the developer.

People still use Mambo despite all its limitations and additional costs (you have to pay to have SEF URLs)

People use other CMS because they see other websites use them

But only Drupal users will see for themselves the power and flexibilities - kindof self learning, self help tools people dont spend too much time promoting - because the promoters are the power users like us

Figster’s picture

Popular does not equal - Power and Flexibilities"

Thank you for that information. Let me ask you, do you feel that people looking for cm systems should just accept the less powerful, and less flexible cm systems simply because they are popular? Or, do you feel that Drupal is the best system for people, and they should told about it?

"People use other CMS because they see other web sites use them"

So, if you have a footer link, they will have an idea as to where to go when they see this system being used? By the way, I did include a link to Drupal in my footer, I want people to know where they can get this wonderful system.

but the cost is on the user, not the developer."

Users should suffer because the other cm systems are more popular. We should not try and educate the user as to the different options available for them? As a user, I am a little offended that you care so little about us. As a promoter, I am just baffled as to your reasoning.

"Build a better mouse trap and they will come." is an old quote that does not hold true. If you build a better mouse trap, nobody knows, 'till you tell them. They old quote should say "If you build a better mouse trap, tell the world so they will beat a path to your door!"

I have used Drupal for less than 24 hours, and I am impressed with it's easy to use interface. Looks like it was designed for users, not programmers. If the great programmers of Drupal went through all the trouble of making it easy for users, why would you not want to tell the users that?

Self promotion is not an evil beast in and of it's self. A resume is self promotion. A simple link is a cheap price to pay for such a powerful cms. Helping installers and webmaster promote you system can only benefit the programmers that have sacrificed their time in developing the program.

I do not agree with Joomla, and Mambo allowing private developers to post contributions and charge for them. It is after all supposed to be "open source". These charged programs go against that theme, and were built off the backs of the core programmers. However, if Drupal becomes more popular, then you site could use add revenue to support the project. Support of the core programmers time. A donation link would be good too. At that level there isn't an evil beast, the beast is when and if it were ever allowed to extend to the point that Joomla, and Mambo have.

Since I am not a programmer, I am unable to contribute to the project very much. I might help with simple questions in the forums, but I would be lost to the complicated code questions. As a promoter, I can be of some service. Gladly do it. Why? for the same reasons the developers of Drupal, or any open source project, do what they do. Belief in the product, belief that information should be free for ALL to use, belief that what we are doing has a purpose.

Da Figster.
Having abandoned my search for truth, I am now looking for a good fantasy. Drupal friendly hosting at

Muslim guy’s picture

Thank you Figster for sharing thoughts

I donno if you are hostile to my posting or not....:o But are you saying that I have said something AGAINST Drupal? Nope, I said - just doesnt really care about self promotion, it is really up to the users and developers (who dont work for as employees but as associates / joint ventures or something like that) to promote Drupal. Guys like kbahey and killes are module developers - kudos to them (*Kudos means congrats right? )

Example: - it uses Drupal but it doesnt tell it is powered by Drupal, instead the webdeveloper link is promoted at the bottom.

How do I know it is on Drupal? Because it is showcased in Drupal gallery

And I did not say doesnt care about users, if they dont care, then there is no such thing as Drupal in the 1st place. But is different from say, Mambo (Miro),, etc etc - in its evolution and development.

As it has always been, Drupal promotion is done VOLUNTARILY by Drupal users. Like myself and our team, we are inspired by and to promote Drupal. But we had already become power users, and we dont use or buggy softwares just because it is popular. But Drupal is (as far as we are trusting) stable, powerful, and popular.

A newbie which does not or not aware of - will not find `Powered by Drupal' or anything.

"Yes, people still use PHP-Nuke even though it is buggy and has many security vulnerabilities because it is popular - but the cost is on the user, not the developer." - what I mean is that if anything happens to the site, it is the user who suffers, because he had already paid somebody to do the installation, and he might have gained many users (registered) and ranked by Google, and suddenly the PHP-Nuke site got hacked, crashed, or broken. Even if he did all by himself (not paying anybody to install and run it), he will find many problems and many patchings to do. What if he never ever recovered what he had worked so hard with PHP-Nuke before it crashed?

Back to Fantastico...

Yes, it helps people to choose which CMS, but I as pretty experienced power user advice that:

If you are succesful in using Fantastico-installed Drupal, just be careful and be prepared if one day your Drupal site crashed and whtaever error message appeared.

It happened to my osCommerce (installed with Fantastico) - about 3 months it just crashed. Whereas another of my osCommerce installed MANUALLY - is stable and went strong, no glitch.

The same dilemma is on Drupal - install Drupal 4.7.0 with Fantastico - you might enjoy learning it for maybe several days before it crashed. But at least newbies get the chance learning the ropes or the `Drupal way'.

So newbies - time to learn a new thing - manual installation - it is already provided

Figster’s picture

No my post was not meant to be hostile in the least. I am simply offering you the newbie point of view as discovered your site via Fantastico, how my installation works, and trying to contribute to the thread.

As I have said, I am a promoter, not a programmer. I have several sites with Zen (open source ecommerce) Joomla, phpwebsite, and a few others. I have often used Fantastico for those installations, and do not believe I have ever had a problem due to Fantastico. I did have to switch host once due thier settings not working with programs that needed re-write permissions, and that may be the cause of some of your crash problems.

When I consider the number of sites using these open source projects, I find it very difficult to believe that all will be hacked or crash eventually. I have been using oscommerce, and zen installed with Fantastico for over two years. I have used mambo and joomla for about a year. I know that when some have had problems it was because they changed some code, or added a contribution that was not compatable, or deleted some data base, or file. I have been on their forums for a long time, and do not recall one post about crashing that wasn't caused by one of the above mentioned reasons.

Hince my surprise when I was looking into Drupal. As you see from my post I thought it might be good to try an experiment to see what happens with a Drupal installed with Fantastico. I am using a test site, as I often do when trying new programs, or styles, templates etc. As you can see from my earlier post, so far everything is moving along well.

Then I saw your post, and thought as I read it that this person did not care if Drupal ever reached the level of popularity that others have. In fact it really felt like you did not care if users sufered. I am sorry if I misunderstood your post.

My intention is to give you some unique feedback, since I had never heard of Drupal until a few days ago. Plus the fact that I am not a programmer, and I do use Fantastico. We can call this an experiment. If fantastico causes problems, I have a vested interest in knowing about it.

Update: My site is comming along well, I am happy to report that I have found the installation easy. I found the logo, and template selection to be easier than any other cms I have used. I spent some time yesterday going through your extensive contribution list and am excited about installing them as well. The only difficulty to date that I have run into is the terminology, and the big head outline in my template.

Obviously, I am going to need to spend some time going through your help sections, and handbook to get to understand the terminology, and figure out how to get rid of the Drupal Logo outline in my header.

PLEASE DO NOT HELP ME ON THESE POST!!! Lets conduct this experement in a manner that will determine how hard it is for a newbie to figure things out. Let me make my mistakes, and discoveries. If I need help I will post in the help forums and see how the support goes. And to keep this experiment fair, I will post in those forums under a different user name. I will not give the link to my site in this forum for the same reasons.

Granted I am only one user, and that may not give the full story, however, it may provide you, and new users, with some insight.

I have recommended Fantastico to many people, and I am the type that does not make recommendations on anything he does feel confident in. My suggestions in my last post were made as a promoter, I am an expert when it comes to SEO, and web site promotion. As I can not contribute to the code, then I will contribute to the promotion if I feel Drupal is a better cms. I will post my updates as I have them in this thread.

What do you say? Up to my little experiment?

Da Figster.
Having abandoned my search for truth, I am now looking for a good fantasy. Drupal friendly hosting at

Michelle’s picture

I'd love to hear about any troubles you have finding things in the docs. Feel free to use my contact form. It's helpful to have a newbie's perspective. As I've been at this over a year, I've forgotten a lot of things that gave me fits at the start. :)


Figster’s picture

Wow, as I read through the docs I begin to see how flexible Drupal can be. I also see I have a lot to learn if I want to implement my sites content in an easy to find and read format.

At least I now know what a node ( thought that had to do with pizza), and a taxinomy (thought that was stuffed animals) is, even if I'm not sure about the spelling yet.

Brilliant! I can see that the breakdown of the various content into blocks, nodes, taxinomies, and etc, coupled with the various setting options, is what makes Drupal such a powerful and flexible system. I also see you have a great deal of support docs, and material for newbie food.

It will be interesting to see how long it takes me to digest my information meals and become productive at building my site. ( I think there may be an open joke in there) The more I read the more interested I am in the Drupal methods. I started with the terminology, and will be moving on to the tutorials. So far, I have found the Drupal Dictionary of great help.

Da Figster.
Having abandoned my search for truth, I am now looking for a good fantasy. Drupal friendly hosting at

kkobashi’s picture

Fantastico is good. But knowing how to install, backup and restore is even better.

A one button install, while nice, may solve your immediate concern. But in the long run, you are setting yourself up for potential problems if you don't learn how to do it the right way...

just my 2cents,

Kerry Kobashi

Chris Lozinski’s picture

I think I did everything right – upgrading from 4.6.2 to 4.7.3 using Fantastico.

The new site worked perfectly until I rebooted the next day. Now it has reverted to the former version though Fantastico states 4.7.3 is installed!

I think from now on I will only install and upgrade manually but in the meantime, I can't believe the new version isn't still there somewhere and all I need to do is change something somewhere in a config file.

I hope this is the right forum to discuss this, if not, could someone please direct me to the correct one?

I would really appreciate some guidance – has anyone any clues as to to what might be going on?

Many thanks Drupal Community

GreenHares’s picture

I subscribe to the Drupal Security RSS feed and was surprised how long I had to wait for the upgrade option to appear on Fantastico.

Well, it was there on Sunday (1st Oct 2006) so I took the option to install. This appeared to have gone well enough ... BUT ... it didn't.

For instance, the modules I'd downloaded installed and configured (ie flexinode, image and img_assist) were all gone! I'm still picking over the wreckage. Luckily, it's an experiment that I've not invested a lot of time into.

This is the 2nd time a Fantastico upgrade has left me repairing my site.

To its credit, there is a backup of the before state created before the changes are made.

Given that the security fix was slow in being made available and that it blindly detroyed my personalisations, I'll do the upgrades myself from now on.

WisTex’s picture

Wow, what a thread!

I have used Fantastico to install many scripts, including Drupal. In fact a couple years ago Drupal's installation instructions were so complicated that I would not even try Drupal if it weren't for Fantastico. Fast-forward to 2007 and it looks like Drupal 5 comes with an installer! Thank goodness for progress. I always liked Drupal but hated the "must be a techy" installation instructions of a few years ago.

I have never had a problem with Fantastico during installation or upgrade. I'm pretty satisfied with it. My only dislike is that it rarely has the latest and greatest versions of the scripts I want to install.

My general rule of thumb in using Fantastico is this:

1.) If I have no plans on adding modules or modifying the script (other than simple cosmetics things), then I use Fantastico. Its so much easier to upgrade and maintain and being a version or two behind won't hurt me much.
2.) If I plan on adding modules or doing significant modifications, I install the latest version myself. I do not want to risk Fantastico botching up the upgrade because of my modifications.

Also, I sense some hostility in this thread. Wow. I'm not sure what the deal is, but wow.

Anyway, I think Fantastic has its place and the appropriate way of dealing with this issue was to contact Fantastico first before making accusations. Until recently, Drupal's installation sucked. You can't blame people for turning to Fantastico to make it easy to install, which is something Drupal should have and has now done in 5.0 (according to the Drupal site, I have yet to install a 5.0 version of Drupal).

That being said, I am impressed that Drupal has come a long way in the last year or so when I last evaluated your product. A lot more modules, and a long awaited install script. I can't wait to install the latest version with CivCMS installed as well.

Keep up the good work guys. Both here at Drupal and Fantastico.

kadoch’s picture

What do you guys think about Installatron ?
It's a one-click install (paid) package, seems to be really good.
I'd like to know your opinion

NancyDru’s picture

First, check out

Fantastico is not, and does not bill itself, as a cure-all. It only installs core functions. Its update process will remove all non-core functions. And they will tell you this if you ask, as I did.

There is no way anyone can create a one button process that works for everyone.

I have had absolutely NO problems using Fantastico, for now 9 sites. I would, and do, recommend it.

I would NOT recommend using its update process. I back up (export) the database, pull it down to my PC, where I upgrade it to the new release. Then I go back to Fantastico to delete the installed version, and then install the new (CORE) version. I upload all my non-core modules, themes, and pictures to their respective locations. Then I import the database that has already been upgraded. The whole thing takes no more than 15 minutes, roughly the time it takes to FTP the Drupal code.

Nancy W.
now running 5 sites on Drupal so far
Drupal Cookbook (for New Drupallers)
Adding Hidden Site Design Notes