cPanel patched Kernel + mod_ruid2 + jailshell and still have a notification of the Bluehost Patch


Dec 19, 2015
I used to have Mod_ruid2 + Apache Jailshell enabled and following this Kernel symlink ownership attacks, while Jailshell & mod_ruid2 enabled I'm using the cPanel patched kernel

uname -r
So currently I have cPanel Patched kernel, mod_ruid2 and jailshell all up and running. The last few days the security advisor showed the Bluehost Patch that is enabled while it shouldn't be. I contacted my host (Hostgator) and asked them to remove the Bluehost patch and so they did. However the security advisor still shows the respective notice and tells me that the Bluehost patch is active. They opened up a ticket with cPanel describing the situation and here is what we got.

"Based off what I understood from the cPanel technician is that they patched the Bluehost patch into the Apache rpm. In order for the patch to be used however there does need to be some modifications to the Apache configuration files that have not been done. From my understanding this is sort of a false positive from the security advisory."
So what I am asking is the following: Is it a false positive from security advisor and does anybody else experience this?


Apr 11, 2011

This is answered on the following thread:

Apache Symlink Protection is enabled


Actually, the message you see in "WHM >> Security Advisor" is a false positive. You can safely ignore the message about the BlueHost patch, as internal case CPANEL-9914 is open to address an issue where Security Advisor falsely detects Bluehost Symlink Patch as "enabled" in EasyApache 4 and causes a false positive. I'll update this thread with more information on the status of this case as it becomes available.

Thank you.
