Hello, I have litespeed and yesterday from chkrootkit I see that: Code: Checking `bindshell'... INFECTED (PORTS: 465 45454) I have cPanel and the notice of the port 465 it's ok. It's the first time that chkrootkit alert me for one other port. The port 45454! After research I can't find this particular port (thing litespeed listen to another again) but instead I find litespeed run with a second PID process to a similar UDP port!! See below: Code: lsof -i :41733 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME litespeed 14871 nobody 77u IPv4 yyyyyyyyy 0t0 UDP *:41733 lsof -i :7080 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME litespeed 14867 root 44u IPv4 xxxxxxxxx 0t0 TCP *:7080 (LISTEN) litespeed 14871 nobody 44u IPv4 xxxxxxxxx 0t0 TCP *:7080 (LISTEN) Code: udp 0 0 0.0.0.0:41733 0.0.0.0:* 0 yyyyyyyyy 14871/litespeed (ls Also I have Quic UDP ports 443 allow to my csf firewall. Is possible something malicious run with litespeed? I have cPanel and I made all the steps for litespeed from your docs... I have also comodo modsecurity litespeed rule set enable and everything... Why litespeed open ports UDP?