Support

Support Staff

June 20, 2016 at 8:12 am

Hi there,

The ee_locked_transactions option is no longer used in Event Espresso 4.9. When you update to Event Espresso 4.9 that option will be deleted.

June 21, 2016 at 3:44 am

Thanks for the information Josh. We’ve updated the plugin and the site is still going very slow, and we’ve had a look at the database, and noticed one of the tables has gotten exceedingly large.

Table name: wp_esp_line_item
Rows: ~633,257
Size: 104.7 MiB

In my local environment this never went above 10k lines and 2MB in size. I’ve noticed on some other threads you’ve recommended this bot plugin, do you still recommend this, and are you able to provide and SQL commands that will help prune this table back down to a reasonable size?

Many thanks

June 21, 2016 at 5:25 am

So far I’ve found these queries on another post located https://eventespresso.com/topic/slow-data-migration-to-4-7-0/#post-172280. Locally this seems to remove all the un-needed information and returns the database to normal sizes.

Can i get some confirmation on what the acronyms mean e.g. STS_ID/TFL please?

/* First run*/
SELECT TXN_ID FROM wp_esp_transaction WHERE STS_ID = 'TFL' AND TXN_timestamp > '2016-06-16 02:00:00'
DELETE FROM wp_esp_transaction WHERE STS_ID = 'TFL' AND TXN_timestamp > '2016-06-16 02:00:00'


/* Then run */
SELECT * FROM wp_esp_line_item li 
LEFT JOIN wp_esp_transaction t 
ON t.TXN_ID=li.TXN_ID WHERE t.TXN_ID IS NULL

Support Staff

June 21, 2016 at 5:41 am

STS_ID is Status ID.

TFL = Transaction Failed.

TFL is a status id given to the transactions that have no contact assigned to them (as in a registration that was created but no user actually registered)

Note that this status does NOT indicate a failed payment, a transaction can have multiple payments within it and each of those payments has their own status.

However, before you do this manually EE should run a cron job to remove those transactions for you.

Which version of EE4 are you currently running on the live site?

Has wp-cron been disabled on your site?

Also – the Blackhole bad bots is still recommended yes.

June 21, 2016 at 6:11 am

Thank you for the clarification on the acronyms.

EE Version: 4.9.1.p

I’ve had a search through the theme and there are no instances of WP_CRON so define('DISABLE_WP_CRON', 'true'); isn’t present in the theme, and I saw within EE you flag a warning if cron is disabled which isn’t appearing.

I’ve installed Blackhole bad bots and it’s already caught several bots.

I’ve disabled the plugin at the moment so the site is back to normal response times, If i re-enable it and put it into maintenance mode, will EE still run it’s cron job to clear up the database?

Support Staff

June 21, 2016 at 8:22 am

I’ve disabled the plugin at the moment so the site is back to normal response times, If i re-enable it and put it into maintenance mode, will EE still run it’s cron job to clear up the database?

It should yes.

If you install WP Crontrol and go to:

Tools -> Cron Events.

In the list do you see:

AHEE__EE_Cron_Tasks__clean_up_junk_transactions

Click the run now button for that job to run the process, any errors shown?

(Create a database backup beforehand just to be safe, although that cron should be running every hour anyway)

June 21, 2016 at 8:52 am

I’ve just re-enabled the EE plugin, it’s currently in maintenance mode.

Ran the cron task through WP Crontol and it processed very quickly, compare to when i had the raw SQL running on my local machine, I don’t think it should of been going that fast.

Checked the database and wp_esp_transactions is still around 126k lines where my local one is around 1.3k. wp_esp_line_item is still a massive 600k lines and my local copy is under 3k.

Do you have any more recommendations or should I use the SQL mentioned a few posts above and referenced in the other post?

Many thanks

June 21, 2016 at 9:06 am

I’ll had to add, we don’t have any “live” events currently, and we haven’t hosted an event in a while. We only do a few a year. We’ve tracked the spam back from the point of origin which not long after the updates went live.

This means we don’t have any live data from registrants, it’s all spam.

June 21, 2016 at 11:52 am

Support Staff

Hmm, the cleanup function run by the cron may be limited to prevent timeouts, as its run every hour it may do X amount on each request to slowly take out the transactions without causing further impact on the site.

However if you are getting more than X spam registrations per hour (which it sounds like you have been) the cron may not be removing enough to keep up.

We’ve tracked the spam back from the point of origin which not long after the updates went live.

Which updates? How long ago was this?

The cleanup function will only remove transactions that are over 1 week old, we can provide a filter to make this shorter if your spam registrations are fairly new?

Something like:

add_filter( 'FHEE__EEM_Line_Item__delete_line_items_with_no_transaction__time_to_leave_alone', 'ee_leave_line_items_alone_for_only_1_day');
function ee_leave_line_items_alone_for_only_1_day( $original_time_to_leave_alone ) {
return DAY_IN_SECONDS;
}

Added to your themes functions.php file will change the cleanup to remove transactions over 1 day old.

Do you have any more recommendations or should I use the SQL mentioned a few posts above and referenced in the other post?

Generally we advise against manipulating the database directly. You will likely find removing that many rows from the tables at once will cause a timeout on your live server.

Also the queries above seems to be incorrect.

Did you previously run this locally?


/* First run*/
DELETE FROM wp_esp_transaction WHERE STS_ID = 'TFL' AND TXN_timestamp > '2016-06-16 02:00:00'


/* Then run */
DELETE li from wp_esp_line_item li LEFT JOIN wp_esp_transaction t ON t.TXN_ID=li.TXN_ID WHERE t.TXN_ID IS NULL

Note the above assumes your DB prefix is wp_

June 22, 2016 at 2:18 am

Which updates? How long ago was this?

We done an update from EE3 to EE4 which went live last week, very early Thursday morning around 2AM. When I was looking through the database download on my local machine the failed transactions started happening just a bit after it went live.

The cleanup function will only remove transactions that are over 1 week old, we can provide a filter to make this shorter if your spam registrations are fairly new?

This may be why it hasn’t started cleaning up the failed transactions in the database then as it’s not been over a week yet.

Added to your themes functions.php file will change the cleanup to remove transactions over 1 day old.

I’ll get this added to my local version with a fresh install of the database from production and see how this works, if this does the trick I’ll use this instead of manipulating the database directly.

The SQL snippets provided were run locally and seemed to drastically clean up the database records to a point they were almost identical to my local development version of the site.

June 22, 2016 at 2:30 am

Are you also able to confirm when the filter function you provided is run/triggered?

June 22, 2016 at 2:36 am

I’ve found where about’s you’re calling that filter in the plugin, do we need to remove the transactions that are TFL first as the line items are dependant on them?

Support Staff

June 22, 2016 at 2:54 am

Are you also able to confirm when the filter function you provided is run/triggered?

I’m not sure what you mean? The filter is used then the function is called so you can alter the time used by that function.

I’ve found where about’s you’re calling that filter in the plugin, do we need to remove the transactions that are TFL first as the line items are dependant on them?

When running the SQL command manually? Yes.

DELETE FROM wp_esp_transaction WHERE STS_ID = 'TFL' AND TXN_timestamp > '2016-06-16 02:00:00'

Removes the failed transactions from the DB.

DELETE li from wp_esp_line_item li LEFT JOIN wp_esp_transaction t ON t.TXN_ID=li.TXN_ID WHERE t.TXN_ID IS NULL

Removes the line items that are no longer linked to a transaction (because you just deleted them).

The cleanup function within EE does this for you (in the correct order) but if your transactions are less than 1 week old then no transactions will have been removed and so no line items will be removed.

Adding:

add_filter( 'FHEE__EEM_Line_Item__delete_line_items_with_no_transaction__time_to_leave_alone', 'ee_leave_line_items_alone_for_only_1_day');
function ee_leave_line_items_alone_for_only_1_day( $original_time_to_leave_alone ) {
return DAY_IN_SECONDS;
}

To your themes functions.php file should set that time limit to 1 day. If you then run the cron mentioned above with that filter in place it should remove failed transactions the are more than a day old.

If not you may need to load the above function within a Site Specific Plugin as functions.php may be loading too late.

June 22, 2016 at 3:38 am

I’ve added the filter into my local copy of the codebase, ran the cron job manually with WP Crontrol and waited for it to tick over itself manually.

The tables in the database didn’t reduce in size or remove any records.
I updated this function within the plugin itself to see if it would make any difference instead of relying on a filter:

public function delete_line_items_with_no_transaction(){
		/** @type WPDB $wpdb */
		global $wpdb;
		$time_to_leave_alone = apply_filters(
			'FHEE__EEM_Line_Item__delete_line_items_with_no_transaction__time_to_leave_alone', DAY_IN_SECONDS
		);
		$query = $wpdb->prepare(
				'DELETE li
				FROM ' . $this->table() . ' li
				LEFT JOIN ' . EEM_Transaction::instance()->table(). ' t ON li.TXN_ID = t.TXN_ID
				WHERE t.TXN_ID IS NULL AND li.LIN_timestamp < %s',
				// use GMT time because that's what TXN_timestamps are in
				gmdate(  'Y-m-d H:i:s', time() - $time_to_leave_alone )
				);
		return $wpdb->query( $query );
	}

Which didn’t make any difference to the database either. (Plugin as been reverted back to normal with no changes in place.)

I’ve just noticed another small development in regards to the transactions table. to give some insight, we disabled EE4 yesterday morning around 10AM. I’ve just looked at the very end of the database table wp_esp_transaction and the extra transactions stopped until we re-enabled the plugin. but once we re-enabled it. it wasn’t as consistent as it was before we disabled it. Two images below for you to look at

Before disabling

After disabling but in maintenance mode.

Not sure if this helps help diagnose the issue a bit more. We have one live event but it’s not publicised and the booking page isn’t public either so no one can sign up. Any idea what might be causing the new transactions to appear in the database?

Apologise for the difficulty of this one, and we appreciate all the help so far. Hopefully we’ll get to the bottom of this soon.

Many thanks

Re-enabled but in maintenance mode

June 22, 2016 at 3:41 am

Before disabling

Support Staff

June 22, 2016 at 5:05 am

I realized the filter provided above only alters the time for line items, the transactions are still within the database so even changing the time_to_leave_alone on that function will not help.

We need to do both the transactions and the line items, so try this:

function ee_leave_line_items_alone_for_only_1_day( $original_time_to_leave_alone ) {
	return DAY_IN_SECONDS;
}

add_filter( 'FHEE__EEM_Line_Item__delete_line_items_with_no_transaction__time_to_leave_alone', 'ee_leave_line_items_alone_for_only_1_day');
add_filter( 'FHEE__EEM_Transaction__delete_junk_transactions__time_to_leave_alone', 'ee_leave_line_items_alone_for_only_1_day');

That sets the time to leave for both Transactions, and line items to 1 day.

With that filter in place of the other, run the cron job manually again, does it remove any of the transactions/line items in the DB?

June 22, 2016 at 5:37 am

Put the filters in and run the cron job, which seemed to go really fast. I’ve navigated to the public part of the site to see if the homepage loads correctly. It’s still loading so it may be doing something in the back ground, the database hasn’t changed yet but we shall see what happens shortly. I’ll leave it to load and get back to you shortly hopefully.

Out of interest, theres nothing that could cause EE to add a new failed transaction on page load by any chance? Sounds strange I know, but the rate at which the records were added seems incredibly high.

Whilst looking at the wp_esp_transaction table structure, I noticed that the table doesn’t have a primary key column set or an auto incrementing column. Would this be able to cause and issue with site speed?

Support Staff

June 22, 2016 at 6:24 am

Out of interest, theres nothing that could cause EE to add a new failed transaction on page load by any chance? Sounds strange I know, but the rate at which the records were added seems incredibly high.

Failed transactions are created when the ticket ticket selector form is submitted so it might be possible if your using caching. I’ll check with the developers on this and see what they say.

Whilst looking at the wp_esp_transaction table structure, I noticed that the table doesn’t have a primary key column set or an auto incrementing column. Would this be able to cause and issue with site speed?

What version of EE4 are you using?

June 22, 2016 at 6:35 am

EE version is 4.9.1.p

Good shout about caching potentially causing an issue. I’ll see if i can get the critical pages ignored from the cache and see if that makes a different.

As a side-note my local one still hasn’t loaded. from almost an hour ago

June 22, 2016 at 6:43 am

Just checked the production database and the transaction table has the primary keys set etc. so that’s a non-issue now.

Support Staff

June 22, 2016 at 6:48 am

EE version is 4.9.1.p

wp_esp_transactions should have TXN_ID which auto increments – http://take.ms/Cfazq

That field is also the primary key for that table (you can spot Primary Key’s if the column name is underlined within phpMyAdmin)

June 22, 2016 at 7:00 am

We’re going to investigate that this issue is potentially being caused by the caching system in place on the site.
W3TC is the plugin being use currently as a reference. Thank you for the help so far. We’ll report back with anything we find when we find it.

https://eventespresso.com/wiki/setup-nocache-exclusion-rules-event-espresso/

Support Staff

June 22, 2016 at 7:03 am

We have a guide to excluding EE critical pages from caching here:

You’ll also need to exclude any page that includes the ticket selector from caching too.

You could also try clearing the cache, disable caching within W3TC completely and monitor the transactions to confirm if they still happen then.

June 22, 2016 at 7:08 am

Looking at that page now, I’ve setup the excludes on the cache system, including the ticket selector pages.

Thank you for the help, will confirm if this is the issue soon.

June 22, 2016 at 7:53 am

W3TC is fully deactivated at the moment.
Blackhole bad bots is active

We’re monitoring the database whilst all this is active and we’re seeing the tables still getting rows added to them, on the line_items is averaging around 100rows a minutes.

I’ve also unpublished the event, so on the backend it’s saved as draft, but the rows are still being added to the database.

If i go into maintenance mode the rows are no longer being added to the database.

This is becoming very strange, was hoping that the cache system would be the issue but that doesn’t seem to be the case currently.

Any other suggestions of what might be causing the site to automatically add rows to the line_items and transaction tables?

June 22, 2016 at 10:21 am

Support Staff

In order to answer your question, it will be helpful to be able to see the actual data that’s getting added.

June 22, 2016 at 10:29 am

For both images I’ve done the most recent page in the table so it’s the most up to date records.

Transaction table

Line item table

If you need anymore let me know.

Thank you

June 22, 2016 at 11:21 am

Support Staff

Can we take a look at the database?

If so can you please send temporary login details using this form:

https://eventespresso.com/send-login-details/

Note in this case we’ll need both admin and ftp details as we will need to install a plugin to dig a little deeper.

June 23, 2016 at 3:05 am

Details have been sent via the form supplied.

Can you let us know when you’re going to start investigating please?

Support Staff

June 23, 2016 at 9:06 am

We can take a look sometime today.

Support Staff

June 23, 2016 at 1:38 pm

Can you guys check the POST requests in server logs? You do a simple search for the word “POST” and check for the same thing POSTing to your site over and over.

June 24, 2016 at 2:18 am

We’re going to look over our logs now, will report any strange behaviour.
Can we remove your credentials to the server now?

June 24, 2016 at 5:16 am

From what we can tell there’s nothing in the logs pointing to Event espresso being targeted via post requests.

Was you able to find anything out aside from asking us to check the logs?

Any suggestions on where we can go from here?

Many thanks for all the help so far.

June 24, 2016 at 10:20 am

Support Staff

Some of the things we found were when Maintenance mode is activated, only a few of the rogue transactions get added to the database. Then when Maintenance mode is deactivated, many of them start getting added. You can also see more information if you go to the Bad Behavior > Logs page.

Going forward I can suggest contacting your host to see if they can adjust the firewall to prevent these requests from slipping through.

June 27, 2016 at 4:16 am

Josh,

Not entirely sure why you are pushing this onto the host at this point? We did contact the host though and here is the response:

“The firewall on the server would only protect against someone accessing a particular port on the server. So for example, if you don’t want someone to access port 3306 (mysql) we can block it off and then no one can connect to it. If the issue is a particular URL that is being abuse then this would be protected by the developers using something like .htaccess for example. URL based protection is not something a port filtering firewall does in the context of your server.”

Could you let us know what triggers those table updates from the front-end? What we would like to do is check whether there is a template file that could be firing multiple times to eliminate another potential issue.

Many thanks.

June 27, 2016 at 5:28 am

Another thing we have noticed.

If you land on the ticket selection page and instantly click submit, this creates a new entry (Ajax submission), then click submit again, it creates a new entry with a qty of 1… I think the book now form is what is currently being spammed and in turn causing the mass of TFL entries.

I just manually went to the page, clicked register now 10 times before the JS had time to set the QTY to default option of 1 and I was able to get it to create 10 new entries by doing this.

June 27, 2016 at 10:21 am

Support Staff

Did someone on your team add the JS to set the QTY? Normally you can just set the ticket minimum to 1 in the ticket editor and EE will set the default QTY to 1.

In either case, I’d recommend removing the JS.

June 27, 2016 at 1:18 pm

Are your team currently on the site?

Support Staff

June 27, 2016 at 1:37 pm

No.

June 27, 2016 at 1:45 pm

An update… There is a piece of JS in there to remove the 0 qty option as the ticket minimum wasn’t setting the QTY to 1 on page load. So we removed the 0 option once the page was ready; unfortunately, this allows time for a submission to happen creating the first entry, then clicking again once set, creates another with QTY of 1.

Due to the nature of the site, there is no simple way of fire-walling x amount of traffic which are unknown, but the database gets inundated with data and this is what we are trying to resolve at the moment. Have you found anything else at this stage as all we can find is that the ticket selector seems to get spammed?

Below is the simple method that injects the JS for the ticket selector and can be found in “themes/Site/inc/event_espresso.php”.

function ee_default_ticket_selector_one_all_events() {
  ?>
  <script type="text/javascript">
    jQuery(document).ready(function () {
      jQuery('[id^=ticket-selector-tbl-qty-slct-]').find("option[value='0']").remove();
    });
  </script>
  <?php
}
add_action( 'wp_footer', 'ee_default_ticket_selector_one_all_events' );

As you can see this merely removes the 0 qty option so that the field defaults to 1.

We really need to get to the bottom of this as these were due to go-live yesterday.

Is there anything else you can suggest at this point?

June 27, 2016 at 1:46 pm

I only asked about your team being on the site as the event page was locked to the EE Team user that we setup for you.

Support Staff

June 27, 2016 at 1:59 pm

Someone might have left a tab open. Sorry about that.

June 28, 2016 at 2:11 am

Did you see our other message regarding the javascript?

Many thanks.

Support Staff

June 28, 2016 at 7:22 am

Yes, and I recommend removing the JavaScript that alters the Ticket Selector and instead use the checkbox in the ticket editor to make the ticket required. When you set the ticket to be required, it removes the 0 option using PHP, so you will not need to use the JavaScript.

June 28, 2016 at 7:30 am

So other than this can you confirm what will rectify the actual issues we are seeing at the moment with the large influx of TFL and in turn the line items entries taking place? I beg to differ that this javascript is the cause of the issues as the issues were happening well before this was put in place.

Support Staff

June 28, 2016 at 7:38 am

> I beg to differ that this javascript is the cause of the issues

Did I write that the JS you added was the cause of the issues?

> can you confirm what will rectify the actual issues we are seeing at the moment with the large influx of TFL and in turn the line items entries taking place?

Since we don’t know *exactly* what is added those (we suspect they are bots), the way forward is to block those bots. One possible solution is to use a tool like CSF to block any specific IPs that are hammering your site.

How it works is you set the iptables rules for you based on x or y
(e/g. 200 connections in 3 mins, block the ip for an hour, if blocked 10 times, permanently block it) and so on.

June 28, 2016 at 8:00 am

My apologies, wrong terminology.

I will talk with the hosting company further although I am still concerned that there is something more here. While we have CSF active on our servers, I am not 100% sure on the clients current host.

I will update you once I hear back from the hosting company. Thank you for your time.

June 28, 2016 at 10:33 am

Hi Josh, here is a response from the hosting company.

—
We don’t run ConfigServer, but we do run fail2ban monitoring failed logins and doing some checks for bots and banning them if found or logins fail.

With regards to something like they’re suggesting, its very unlikely to help the situation (although I’ve not looked through the logs myself) most bots these days do not send multiple concurrent requests from the same IP address but cycle through thousands of these addresses, if one was to be banned they would switch to another. I would need to check on the compatibility between CSF and Plesk, but can investigate this if you want.

Whilst I do understand where they’re coming from I’m not convinced adding something like this will actually stop the problem from recurring.
—

Thank you.

Support Staff

June 28, 2016 at 4:07 pm

We’ll be more than happy to look through the logs to find out more about the situation.

June 29, 2016 at 5:02 am

Hi Josh,

How would you like these sent over?

Thanks.

Support Staff

June 29, 2016 at 2:39 pm

You can email them to our support at eventespresso.com email address.

June 30, 2016 at 2:42 am

Email sent with a link to a dropbox folder.

Thanks.

June 30, 2016 at 10:52 am

Support Staff

Thanks. If they haven’t been already, it’d be good to ban 195.154.235.105.

Also, can you go into the wp-config.php and add this line of code before the line where it says “stop editing”?

define('DISABLE_WP_CRON', 'true');

June 30, 2016 at 1:38 pm

Josh, we have banned this ip in WordPress (not on a server level).

We have disabled the cron on the live instance and not as part of our version control for the moment. Is there anything else to do next? Or should we now try taking EE out of maintenance mode?

With this disabled there are regular tasks that are not going to run going forward, so I assume this is a temporary solution?

Many thanks.

Support Staff

June 30, 2016 at 1:39 pm

It’s temporary, and not a solution, only for troubleshooting.

Support Staff

June 30, 2016 at 1:44 pm

Okay you can re-enable the cron. Thanks.

June 30, 2016 at 2:03 pm

No problem. This has been re-enabled.

Support Staff

July 1, 2016 at 8:29 am

Brent (the lead developer of Event Espresso) is going to put together some logging code for the TXN class constructor. This will help find out how those TXNs are getting created.

July 1, 2016 at 9:25 am

Thank you for the update.

July 4, 2016 at 9:31 am

Hey guys, just wanted to check whether there was any update on this at the moment?