Background Information
Microsoft® deprecated the FrontPage® extensions for Linux in 2006. Since this time, the FrontPage® extensions have received no security support.
cPanel & WHM continued to install Microsoft FrontPage extensions by default until February, 2014. At that time, FrontPage was removed from EasyApache. In August, 2014 with the cPanel & WHM version 11.44 release, cPanel provided tools for removing the FrontPage® extensions and announced that FrontPage would no longer be supported in future releases.
The cPanel & WHM version 11.46 release is the first where all FrontPage functionality has been removed. To ensure that this change does not interrupt service for end users, upgrades to cPanel & WHM version 11.46 are blocked when the FrontPage extensions are still installed. They must be removed before an update to cPanel & WHM version 11.46 is allowed.
Impact
Customers that do not remove Microsoft FrontPage extensions from their servers will continue to run the cPanel & WHM version 11.44 release of cPanel & WHM. All major releases of cPanel & WHM receive one year of security support once the next major release is issued. Customers that do not remove the FrontPage® extensions during this timeframe will cease to receive updates to their server.
The usage of FrontPage extensions is limited. Microsoft ended client support in April 2014 with FrontPage 2003.
How to determine if your server is affected
You can determine if the FrontPage extensions are installed on cPanel & WHM version 11.44 and earlier by running the following command:
if [ -e /usr/local/frontpage/version5.0/bin/owsadm.exe ] ; then echo "Frontpage installed"; else echo "Frontpage not installed"; fi
You can get a list of the specific cPanel accounts on your server that have used the FrontPage extensions in the past by running the following command:
find /home/ -wholename '/_vti_cnf/' -type f | grep -E -v 'htaccess|virtfs' | cut -d '/' -f 3 | sort | uniq
/home
partitions you will want to replace /home/
noted in the above command with any different or additional home
partitions
Resolution
If your system has no users that appear to be using the FrontPage extensions, you can remove them by running the below command via command line as root:
/scripts/unsetupfp4 --all
If there are users on the system that have used the FrontPage® extensions recently, cPanel recommends you contact them and migrate to WebDAV instead.
For Microsoft FrontPage, this can be done by the recommended article:
http://www.iis.net/learn/publish/using-webdav/how-to-migrate-fpse-sites-to-webdav
Automatic unused FrontPage installation removal
To help our customers stay on the most up-to-date version of cPanel & WHM, version 11.44.2.3 introduces an automatic removal system that automatically removes unused Microsoft FrontPage installations. This system should resolve blocker issues for most cPanel & WHM servers that this blocker affected.
We released this build on January 12, 2015.
If, when you upgrade to cPanel & WHM version 11.44.2.3, the cPanel & WHM upgrade process determines that FrontPage is installed on your server, it invokes the FrontPage automatic removal feature. This feature determines whether the FrontPage installation is in active use.
To determine whether a Microsoft FrontPage installation is in use on a cPanel & WHM server, the system calls the/scripts/unsetupfp4
script with the --only-if-unused
flag.
This causes the script to run the following checks:
-
The system will check whether the
frontpage-2002-SR1.2
RPM is installed on the server. -
The system will check any
*.cnf
files in the/usr/local/frontpage/
directory, to determine which domains on the server currently use FrontPage. -
The system will check whether the
/var/cpanel/dynamicui/fp
file exists. (If this file exists, FrontPage is already disabled.)
If the system determines that any of the server’s domains use FrontPage, the upgrade process remains blocked and no change occurs. System administrators can use the following command to manually remove FrontPage from these servers:
/scripts/unsetupfp4 --all
If the system determines that none of the server’s domains use FrontPage, it uninstalls FrontPage from the system and performs the following actions to clean the system of FrontPage-related data:
-
The system uninstalls and removes the FrontPage RPM.
-
The system removes the FrontPage ACL from all of the server’s ACL lists. This includes the reseller ACL lists in the
/var/cpanel/resellers/
directory. -
The system removes FrontPage options from all hosting plan (package) configurations.
-
The system removes FrontPage options from all feature lists.
-
The system deletes the
/usr/local/frontpage/
directory and its contents. -
The system removes the FrontPage related features from the WHM and cPanel user interfaces.
-
The system deletes any FrontPage-related information in the
httpd.conf
file. -
The system deletes the
_vti_*
and_private directories
, and their contents, from every user’s www directory. -
The system removes all FrontPage-related directives from all of the server’s
.htaccess
files. -
If the system’s Apache configuration includes an installation of the
mod_frontpage
opt mod, a notification will display.
After Microsoft FrontPage is uninstalled and its files are removed, the system’s FrontPage upgrade blocker will no longer block the upgrade to cPanel & WHM version 11.46.