
Urgent help, possible hacking

Posted: October 3, 2021 at 11:04 pm



Adam

October 3, 2021 at 11:04 pm

Hello,
We have received 2 reports from customers today that they received ‘thank you for your payment’ emails but we have had no bookings on our website for a month due to COVID.

http://www.ecoexplorers.com.au

—- example payment receipt sent to customer today ——

Hi JOHN,
Thank you! Your Eco Explorers event payment was successful.

Payment Details:
Payment Status: Complete
Transaction ID: 12677
Total Cost: $180.00 (AUD)
Payment Amount: $180.00 (AUD)
Amount Due: $0.00 (AUD)

The above transaction was processed on the – 24/05/2020 5:09 pm
Why are they getting emails now?
Please advise??


Tony

  • Support Staff

October 4, 2021 at 6:30 am

Hi there,

The email triggering would not be a red flag for being hacked here as it is possible for the above to happen in ‘normal’ conditions.

Note I’m not saying it’s normal or expected to receive your payment emails months later but rather that it’s possible to happen without any malicious/suspicious code on the site. I can’t say 100% you haven’t been hacked, but just that the above wouldn’t instantly say you have been.

Which payment method was the above using?

If you go to Event Espresso -> Messages, can you see the message that was sent listed there?

Listed at the top just above the table of messages you’ll see filters for messages.

Do you see any numbers next to ‘Queued For Generating’, ‘Queued For Sending’ or ‘Queued For Resending’ or do they all show 0?

If you install WP Crontrol on the site and go to Tools -> Cron Events.

Search for AHEE__EE_Cron_Tasks__expired_transaction_check in the search box there, how many does it return?


Adam

October 4, 2021 at 9:03 pm

I have found reference in ‘Event Espresso -> Messages’ last 10 messages in the list to 4 other customers who have received a similar message. They all seem to be using Paypal express for the original transaction months ago.

Do you see any numbers next to ‘Queued For Generating’, ‘Queued For Sending’ or ‘Queued For Resending’ or do they all show 0?
No, but this one has some:
Failed Sending, Can Be Retried (42)

Search for AHEE__EE_Cron_Tasks__expired_transaction_check in the search box there, how many does it return?
4,694 items – results

screenshot of Cron Events


Tony

  • Support Staff

October 5, 2021 at 3:25 am

Do you see any numbers next to ‘Queued For Generating’, ‘Queued For Sending’ or ‘Queued For Resending’ or do they all show 0?
No,

Good, so you don’t have messages sitting waiting in the queue.

but this one has some:
Failed Sending, Can Be Retried (42)

That’s fine, it means sending failed when EE tried to send the messages for whatever reason but they aren’t actively trying to resend.

If you click on the filter it will display those messages if you want to check when those are from.

But…

Search for AHEE__EE_Cron_Tasks__expired_transaction_check in the search box there, how many does it return?
4,694 items – results

That’s likely the problem, well, actually a symptom of the problem but those crons can trigger messages.

The problem is the WP_CRON has been disabled on the site and even if there is a ‘real’ cron on the server it’s either not running, or not running regularly enough.

First, if you don’t have any active registrations taking place right now, delete all of those AHEE__EE_Cron_Tasks__expired_transaction_check tasks. Just hit the ‘Delete all 4,964’ link that appears when you hover over one of them (you can see it in the screenshot you sent) and wait for the page to reload.

When we fix WP_CRON on the site it’s going to start working through that backlog queue so you don’t want those from months/last year to trigger.

Even after deleting those, your Custom Cron events queue has about 15k left. If you click on the Custom Events filter, is there a specific cron job listed over and over? If so, what is it?
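
The backlog check described in the reply above, done from the command line, as an added example that is not part of the original thread or Event Espresso's own code. It assumes WP-CLI is installed on the server; the function names `cron_backlog` and `stalled_hooks` are hypothetical, and the sample rows are constructed.

```shell
#!/usr/bin/env bash
# Summarise scheduled WP-Cron events per hook to spot a stalled queue.
# On a live site the input would come from WP-CLI:
#   wp cron event list --fields=hook,next_run_gmt --format=csv

# Constructed sample export (not data from the site in this thread).
sample_csv() {
cat <<'EOF'
hook,next_run_gmt
AHEE__EE_Cron_Tasks__expired_transaction_check,"2020-05-24 07:39:00"
AHEE__EE_Cron_Tasks__expired_transaction_check,"2020-06-01 02:15:00"
AHEE__EE_Cron_Tasks__expired_transaction_check,"2021-03-10 11:00:00"
wp_version_check,"2021-10-05 09:00:00"
wp_scheduled_delete,"2021-10-04 22:10:00"
EOF
}

# cron_backlog NOW_GMT
# Reads the CSV on stdin and prints one tab-separated row per hook:
#   hook <TAB> total events <TAB> overdue events <TAB> oldest overdue run time
# Rows are sorted with the largest overdue count first.
cron_backlog() {
  awk -F, -v now="$1" '
    NR == 1 { next }                       # skip the CSV header
    {
      gsub(/"/, "")                        # drop CSV quoting around timestamps
      total[$1]++
      # "Y-m-d H:i:s" strings sort chronologically, so compare as strings
      if (($2 "") < (now "")) {
        overdue[$1]++
        if (!($1 in oldest) || ($2 "") < (oldest[$1] "")) oldest[$1] = $2
      }
    }
    END {
      for (h in total)
        printf "%s\t%d\t%d\t%s\n", h, total[h], overdue[h] + 0,
               ((h in oldest) ? oldest[h] : "-")
    }' | sort -t "$(printf '\t')" -k3,3nr -k1,1
}

# stalled_hooks NOW_GMT MIN_OVERDUE
# Prints only the hooks whose overdue count reaches MIN_OVERDUE.
stalled_hooks() {
  cron_backlog "$1" | awk -F'\t' -v min="$2" '$3 >= min { print $1 }'
}

# Demo run on the constructed sample.
sample_csv | cron_backlog "2021-10-05 03:25:00"
```

A hook with many events overdue by months points to WP-Cron not running rather than to injected code sending mail; `wp cron event delete <hook>` removes a hook's events in the same way as the WP Crontrol link mentioned above.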


Adam

October 5, 2021 at 3:00 pm

I searched messages for the term ‘AHEE__EE_Cron_Tasks__expired_transaction_check’ and received zero results.

I searched again for ‘AHEE__EE_Cron_Tasks__expired_transaction_check’ and received zero results??? Strange??

Where to from here?


Tony

  • Support Staff

October 6, 2021 at 3:26 am

How many cron events do you now have listed for ‘All Events’ in WP Crontrol?

It is possible there was an issue with WP_CRON/CRON on the site/server which has now been fixed server-side and the site has just processed all of the crons waiting in the queue.


Adam

October 6, 2021 at 3:45 am

All events (19544)


Tony

  • Support Staff

October 6, 2021 at 4:09 am

Hmm, no, that’s 34 more than the previous number so it’s not that.

Mind if I take a look? If that’s ok you can send temp login details using this form:

https://eventespresso.com/send-login-details/


Adam

October 6, 2021 at 3:48 pm

Thanks Tony, I have sent you the information using that form.


The support post ‘Urgent help, possible hacking’ is closed to new replies.
