|
Movement Monkeys
|
May 27, 2019 at 5:05 am
I had a problem with malicious bots slowing down the website, so my server support staff altered the cron job. Now I have a problem with the above cron events slowing down the site. WP-Cron spawning is disabled.
|
|
Tony
|
May 27, 2019 at 9:22 am
Hi there,
Ok, so WP-Cron has been disabled, have they not set up an alternative/’real’ cron on the server?
With regards to bots, have you enabled reCaptcha on the ticket selector?
|
|
Movement Monkeys
|
May 27, 2019 at 6:28 pm
Yes, WP-Cron has been disabled and a real cron job set up. Please see screenshot to see if it is set up correctly. I have reCaptcha enabled on the ticket selector.
|
|
Movement Monkeys
|
May 27, 2019 at 9:55 pm
I have removed the real-cron job as it appeared the EE was not communicating with it or it wasn’t working, and turned back on WP-cron. Now we have an error with a time out. Also as you can see from the screenshot the expired transaction check is spawning every couple of seconds. I really need to delete all these hooks. My server staff are looking into the timeout error and the WP-Cron problem. Do you have any suggestions that may help – especially with deleting all these cron events?
|
|
Movement Monkeys
|
May 28, 2019 at 6:24 am
Server support suggested rebooting a back-up. The most recent backup available on their cpanel was 30 days before, which happens to be the date I changed the cron job. So I did a scramble, ran around re-installing stuff and then sat here deleting massive amounts of the above cron event strings. It looks okay for now, but those events are still populating but not at the same rate as before.
Aside from the fact that I am pissed off that you guys offered me no support whatsoever today with an issue that clearly has to do with your plugin that is key to our website (we only run a website so people can register and pay for our events) I have encountered a more interesting issue tonight.
When I delete an incomplete registration, it goes through to trash as a complete transaction. Also, all of the registrations I have tried to delete, come up with some status that is incongruent to your rules for deletion. I know these are not the right rules for those registrations (this is very different to what I have seen before). I think you have someone out to sabotage you. And it is working, because I am ready to pull down the whole EE system and try something else.
|
|
Movement Monkeys
|
May 28, 2019 at 6:37 am
I need you guys to respond to this. I have my own backups done in March. Should I reboot these?
|
|
Josh
|
May 28, 2019 at 7:00 am
Hi,
I’m just starting my day, so I apologize you didn’t get a reply yet today.
With regards to restoring to a backup, I’m not sure how that would help at this point? It seems the problem happening is related to bot activity. So a solution will be to block the bot at the earliest possible point before it can submit a form. This guide shows how to identify, then block the bot at the point the .htaccess file loads:
https://perishablepress.com/block-bad-bots/#bbb04
|
|
Movement Monkeys
|
June 1, 2019 at 6:35 am
Hi Josh, You were right about not restoring a backup. It made no difference. We have managed to get the bots under control. But a new problem has arisen. People cannot get through to the payments page on ‘make a payment’, and they get redirected to a summary of their registration with a link again to ‘make a payment’ which loops back to the exact same page. Any ideas why this is happening? This is a major problem as no registrations are being recorded and no payments are able to take place.
|
|
Movement Monkeys
|
June 1, 2019 at 7:02 am
I can’t see any obvious conflicts with the measures we put in place to block the bots.
|
|
Josh
|
June 3, 2019 at 6:44 am
Hi,
I just did a test registration on your site and the payment page worked as expected for me. When I selected PayPal, then clicked the button to proceed I was redirected to paypal.com. Then I click cancel & return link at paypal.com and tried the Invoice payment, which brought me to a page where I could download the invoice. I’ll add a private reply with a link to that invoice.
Is there a specific event I need to register for in order to replicate the issue?
|
|
Josh
|
June 3, 2019 at 6:44 am
This reply has been marked as private.
|
|
Movement Monkeys
|
June 3, 2019 at 6:49 am
Thanks so much Josh.
What I have found was that it was a conflict with Contact Form 7 and the recaptcha on EE (two plugins trying to do the same thing I think). I have disabled the EE recaptcha on registration form setup, as Contact Form 7 covers other areas of the website, and the problem has stopped. Can you please confirm that this will be okay? Will contact form 7 (with recaptcha V3) still cover the registrations on EE?
|
|
Josh
|
June 3, 2019 at 7:21 am
I do not believe the Contact Form 7 plugin will protect the Event Espresso registration form. CF7 only protects its forms.
What you could do is set up the CF7 plugin to load files only on pages that contain contact forms. Here’s a link to CF7’s guide that shows how:
https://contactform7.com/loading-javascript-and-stylesheet-only-when-it-is-necessary/
This will prevent those from loading on any events pages, then use Event Espresso 4’s built in reCAPTCHA. Ideally you would use the reCAPTCHA option for the Ticket selector which will block bots from even reaching the registration form page.
|
|
Movement Monkeys
|
June 3, 2019 at 7:46 am
Okay, thanks so much for clarifying that. I will look into it. Also, what about the plugin Advanced noCaptcha & invisible Captcha? From what it appears, it has capabilities to cover both CF7 and EE forms. Is this an easy runaround?
Ah, there could also be a conflict with having comments enabled on the bottom of event pages. If I set up CF7 as you say above, I would have to remove comments from event pages, right?
|
|
Josh
|
June 3, 2019 at 7:58 am
I’m not aware of other plugins that protect the Event Espresso ticket selector and forms that use reCAPTCHA. They may display a badge and even interfere with EE’s reCAPTCHA, but they are not going to protect the EE forms.
I don’t believe you would need to have comments disabled, as those are not contact forms.
|
|
Movement Monkeys
|
June 3, 2019 at 8:11 am
Okay, thanks. You rock Josh!
|
