Support » Fixing WordPress » link-template.php.suspected?

  • Resolved Mary_cap

    (@mary_cap)


    Hello,

    Yesterday I noticed that my websites hosted in GoDaddy were down and all I got where some blank pages with the follow error:

    Warning: require(/home/content/89/9175889/html/blog/wp-includes/link-template.php) [function.require]: failed to open stream: No such file or directory in /home/content/89/9175889/html/blog/wp-settings.php on line 125
    
    Fatal error: require() [function.require]: Failed opening required '/home/content/89/9175889/html/blog/wp-includes/link-template.php' (include_path='.:/usr/local/php5_3/lib/php') in /home/content/89/9175889/html/blog/wp-settings.php on line 125

    I called the team support and they told me that someone changed some strings in some file. They didn’t wanted to tell me which strings or wich file where changed, they just mentioned quickly that was something called more o less “template-link-suspected”, then they proceed to change the theme of one of the websites and they suggested to do same through FTP.

    The point is, they didn’t solve anything at all, because when I tried to log into the admin panel all I got is the left menu with another error:

    Fatal error: Call to undefined function get_avatar_url() in /home/content/89/9175889/html/cappuccinofactory/wp-includes/pluggable.php on line 2221

    I am really desperate, I don’t know who to contact or how to solve this. I don’t know any webmaster who can help me out with this and I am about to start crying since I think I’ve lost all of my content.

    Please, if anybody knows how to do solve this, anything, a tip, a email of some webmaster…anything.

    Thank you so much for reading, looking forward to any answer.

Viewing 15 replies - 1 through 15 (of 59 total)
  • I had the same problem almost exactly. There is a line in the wp-settings.php file (in the main folder of your blog) that is being altered. I also had that same file inserted into my wp-includes folder (template-link-suspected).

    I was able to upload a fresh copy of WordPress (all files except your wp-content folder!!), which overwrote this file, and fortunately everything came back just fine.

    This happened twice to me, and twice I was able to get everything back just fine, so don’t worry!

    Luckily, I have ithemes security installed, so I was able to look through the logs and identify the IP address of the person/hacker that was possibly responsible for the hack and I blocked them from accessing the site through my .htaccess file. (The hacker IP: 94.131.14.100)

    If in doubt, the first step is always to install a fresh copy of wordpress. Then go through the WordPress docs to help secure your site again https://codex.wordpress.org/FAQ_My_site_was_hacked

    Make sure you replace all your plugins with fresh copies as well, and go through them and research whether or not they are well written plugins. I’m still going through that process, since it’s hard to pinpoint.

    You may also want to run a scan with Wordfence (https://wordpress.org/plugins/wordfence/) after you get everything back up to make sure you don’t have other issues in other parts of your wordpress install.

    Hello and thank you so much for you answer.

    The day after I found my problem did exactly as you suggested -install a fresh copy of WP through FTP-, in my case I left the content folder and the wp-config.php file intact. It worked but then the next day was again offline with the same problem, so I did another installation and again was “fixed”.

    Now I am only with one website down but can’t find the problem, in any case my main website is now online again.

    I’m gonna take a look to the plugin you suggested.

    thank you again

    By the way, after I fixed my website gave me an error when clicking on any link (pages, posts, categories, etc.), this was somehow fixed by setting my permalinks to custom and saving. Now is back to normal again.

    Just in case somebody else find the same problem.

    I am getting this problem too. I do not think wp-settings.php is being altered. What’s happening is something — probably outside of WordPress — is detecting link-template.php and renaming it to link-template.php.suspected. It’s likely some kind of false positive from a scanner looking for compromised files and such.

    I have not yet found what is causing this to happen, but in the meantime I suggest contacting your webhost. They will probably know what’s doing the renaming.

    https://wordpress.org/support/topic/fatal-error-on-wp-settings-and-links-template — apparently this is a duplicate of this issue. I suppose further discussion should take place there.

    Moderator t-p

    (@t-p)

    they told me that someone changed some strings in some file.

    The day after I found my problem did exactly as you suggested -install a fresh copy of WP through FTP-, in my case I left the content folder and the wp-config.php file intact. It worked but then the next day was again offline with the same problem,

    Sounds like your site has probably been compromised. If that’s the case, you need to start working your way through these resources:

    Additional Resources:

    Shit! Got the same Problem. I have 4!! WordPress-System on my Server and ALL got the same “link-template.php.suspected” problem.

    Warning: require(/homepages/**/*******/htdocs/******blog/wp-includes/link-template.php): failed to open stream: No such file or directory in /homepages/**/******/htdocs/****/wp-settings.php on line 125

    Fatal error: require(): Failed opening required ‘/homepages/**/*****/****/wp-includes/link-template.php’ (include_path=’.:/usr/lib/php5.4′) in

    /homepages/**/*****/htdocs/*****/wp-settings.php on line 125

    I reinstalled yesterday all my four WP Systems, left WP-Content Dir and wp-config.php (maindir) and i was back again!

    Today (we have 03:23) again all four wp-System down with “link-template.php.suspected”… changed bevor ALL WP-Passwords and FTP Passwords

    It must be a script/Plugin that causes the Error!! Can anybody help? Maybe we use all the same “infacted PLUGIN”?

    Chris

    Hey! I just have the same problem with the link-template.php being renamed to link-template.php.suspected.

    I dont’ Know if it is related, but I ran a malware scan and found a suspicious file in wp-admin/css/colors/sunrise/dir.php, that the scan detected and put into quarantine.

    I’m trying a fresh wordpress installation as you guys have suggested, and hopefully it won’t happen again.

    Please keep us all updated.

    It seems this .suspected thing is connected with some kind of hacking, because being hacked was the reason I’d upgraded WordPress to 4.2.2 in the first place. The link-template.php file itself is not being compromised, though; it’s the same file that WordPress itself installed.

    getting the same issue here. Will update if I find the root of the problem.

    i got this

    Warning: require(/*******/wp-includes/link-template.php): failed to open stream: No such file or directory in /*******/wp-settings.php on line 125

    Fatal error: require(): Failed opening required /*******/link-template.php’ (include_path=’.:/usr/lib/php5.4′) in /*******/wp-settings.php on line 125

    link-template.php.suspected

    Problem since 2 Days. Reinstalled 3rd Time NOW. First it starts about Midnight (1st day), 2(nd) Day after midnight, now (3rd) day after 12 hours (luch time)

    i run 4 WP-Systems with 4.2.2 on one i switched off ALL Plugins to test if check if a plugin used by all Blogs is the enemy. But still all four wp-Systems got the same “link-template.php.suspected” Problem after first days 24 hours. now 12 hours…

    only way i get back is to “reinstall” clean 4.2.2. WordPress and left WP-config.php in Maindir of Blog! But that’s now a solution, when some ours l8ter all is “link-template.php.suspected” again.

    Has someone find a Solution? changed FTP and Admin Passwords but no Effekt still that shit.

    Greets from Germany

    PS: Is it a 4.2.2. Problem? Anyone tested older WP System and blocked Autoupdate? Maybe Virus on WP-install Zip 4.2.2.?
    German WP-Install File infacted?

    Same problems over here with a few of my clients!

    Same problem here on 6 sites running 4.2.2 … not present on 2 sites running 4.1.1

    I changed the file permissions of link-template.php to non-writeable… but still it was renamed a third time in the past 24hrs. I’ve installed some more robust security and upped the level of protection from Cloudflare, but it looks like it’s a vulnerability of 4.2.2 that needs to be patched ASAP.

    I contacted my Server Tech Team (Provider) and described the problem. They told me that normaly a Virus scanner renames “link-template.php” to “link-template.php.suspected” to protect the Server.

    But they don´t do that like this (My Provider). Normaly a installed “F-Secure” or local PC! installed Virus Scanner with FTP / Webdav Access to that. But i don´t have this…

    We all left WP-Content Dir. The Tech Team told me that ist possible that a infected .jpg file!! can have a script Virus!

    Another possibility is an “SQL injection” they told

    Now more ?????? is on my side. I have a “managed Server” so thge most works in not on my side…

    Anyone out how can help?

    Hi Joe! So your 2x WP 4.1.1. WP runs well?

    What have you done to disable AUTO-UPDATE so that you can run WP 4.1.1 and not autoupdate to 4.2.2.?

Viewing 15 replies - 1 through 15 (of 59 total)
  • The topic ‘link-template.php.suspected?’ is closed to new replies.