Frontpage in cPanel

[polkocholo]

I activated Microsoft Frontpage in easyapache
But in ConfigServer Security & Firewall - csf v5.20 ( CSF ) >>>> Check server security display this alert:

Microsoft Frontpage Extensions were EOL in 2006 and there is no support for bugs or security issues. For this reason, it should be considered a security risk to continue using them. You should rebuild apache through easyapache and deselect the option to build them


Is this a bug is dangerous?
Do you need to do to disable this?


Regards

 

[Infopro]

Only install it if you must. There's really no reason to though, IMO.

 

[polkocholo]

Only install it if you must. There's really no reason to though, IMO.

So why csf think this identifies a bug?

 

[Infopro]

The message states:

there is no support for bugs or security issues

In other words it's outdated, not supported by MS any longer and probably should not be installed on your server.

CSF security checklist is a great tool of suggestions. You do not need to comply with every one of them.

 

[SoftDux]

You should really not use FrontPage Extensions anymore. It was discontinued in 2004, full of security holes and will give you more support nightmares than anything else. Most of the FE options don't work anymore.

 

[gkgcpanel]

I believe that was true for regular installations of Front Page, but cPanel team once mentioned that *their* installation of Frontpage was not susecptable to the security issues from FrontPage. Is this still the case??? Can someone from cPanel chime in here?

 

[SoftDux]

Their Wiki suggest you using something else: FrontPage

 

[gkgcpanel]

Thanks. I seem to remember however that cPanel once stated that as long as they can get FrontPage to properly compile via EasyApache, they will continue to support it. The first time that they run into problems trying to compile FrontPage via EasyApache, they will then officially stop supporting FrontPage on cPanel.

That's what I'm trying to figure out. Have they (meaning cPanel) officially stopped supporting it? If so, why is it still listed as an option in EasyApache? If not, is it still susceptable to the security issues that plague FrontPage in general?

I desparately want to get rid of it, but I know that I have a handful of customers that still use it, and these people will most likely leave to find another host that still supports FrontPage. I'm trying to avoid that if at all possible. So if someone from cPanel can chime in here and give their 2 cents, that would be great.

 

[voshka]

As far as I remember it also conflicts with password protected directories

 

[cPanelTristan]

We have not officially stopped supporting FrontPage in EasyApache. We do not recommend installing it or using it (this is why it has [ ] Frontpage *DEPRECATED* in EasyApache), but we do still provide it. We do not yet have any announcement on FrontPage no longer being supported either. This does not make it secure or advisable to use.

For example, we provide DSO and that isn't advisable to use on a shared machine unless you have enabled mod_ruid2 with it. We don't advise using PHP 4 (and did drop it recently but supported it until it was removed). Here support means we will work to get the component working if it doesn't function properly after installation.

As for the customers using FrontPage, you might want to have a dialog with each to get them moved over to an up-to-date system for site changes. FTP clients do most of what FrontPage did and ones like Filezilla are free. File manager allows basic revisions on files.

 

[NetMantis]

In other words it's outdated, not supported by MS any longer and probably should not be installed on your server.

Infopro is giving you very good advice here!

To say that Frontpage is obsolete would very literally be the under statement of the decade!

Frontpage was formally discontinued many years ago and should not currently be used by anyone at all.

The extensions themselves, way back when they were last produced or supported, at that time were compatible to the servers and web technologies that were available at that time. Unfortunately so much has changed and evolved since those were written that they are no longer compatible with most of servers out there today posing not only substantial potential security problems but also a great deal of compatibility problems as well.

For the first couple of years after Frontpage was formally discontinued, it was fine to continue to support the extensions on your server for users who needed those extensions but that is no longer the case anymore and Cpanel would actually be wise to go ahead and remove them completely from future releases.

If you have a user who absolutely insists on Frontpage, you could setup WebDAV which provides much of the same functionality as the old Frontpage extensions and the old final releases of Frontpage supported that standard.

Ideally however, it's more than long since past time for all users to of migrated to something other than Frontpage and there is no reason to any longer try to support what for the most part no longer works on most of the servers.

 

[gkgcpanel]

Thank you. That's the pieces of information I needed.