Solved: link-template.php.suspected

The last 3 days i see my websites (using wordpress cms)  getting error because of this files (link-template.php) automatically rename every morning and afternoon. i check the crontab but there is no issue. i also rename some security plugins (wordfence) but i think the cause is not from the wordfence. (in my opinion this plugins change or rename the files. but when i upload the fresh one, the size of files is also the same with the files in server (the suspected one)

then i also try to rename the files to linkrio.php then i change the included files in wp-settings.php but i think this is not solved the problems. should find the root of this devil code. 🙂

then i follow this discussion here https://wordpress.org/support/topic/link-templatephpsuspected?replies=41

and found the way to find the malware code :

egrep -Rl 'function.*for.*strlen.*isset' /home/username/public_html/

execute_this

 

 

 

 

 

 

 

 

 

 

 

so after execute that code you can see the list of the files injected.

i open them one by one ..

on you can see something like this below

malware1

 

 

and also something like this :

malware2

 

so i just delete all of that script list above.

hope this will help you also.

regards,

-Rio Yotto

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

One thought on “Solved: link-template.php.suspected

  1. Hey! Thanks for the command line! I was puzzle by the error for week! Thank you very much!

    the malware file in my client’s site is /public_html/blog/wp-includes/fonts/view.php

Leave a Reply

Your email address will not be published. Required fields are marked *