Admin accounts getting deleted suddenly

I use NopCommerce ver.4.3

A User in Administrator role suddenly got deleted for no reason. The Account not even exists in the Customer table. I checked the Delete Guests scheduled task as suggested in other thread.

https://www.nopcommerce.com/en/boards/topic/82774/account-got-deleted#267063

And I noticed that the task is running normally, but not deleting the guest accounts. Why is that?
And how to find the root cause of Admin accounts getting deleted?

RE: "Account not even exists in the Customer table. "
Manual deletes will leave the record and set Deleted = 1.  So so it must either be the delete guest task, or some external source.  Did this just happen to one user, or is it happening often? You could create a Trigger on the DB table, to 'log' info about it.

RE: "...task is running normally, but not deleting the guest accounts"
That seems to be another issue.  
What is your value for setting
customersettings.deleteguesttaskolderthanminutes  1440(is default)

New York wrote:

Not very often, but we noticed it 2 times upto now. It has even deleted the Activity Log records of the particular customer.

New York wrote:
Yes, it has the default value (1440 min).
But the scheduled task is planned to run in every 3600 seconds.
What are those two values?  Sounds contradictory to each other

RE: "It has even deleted the Activity Log records of the particular customer."
The Activity log is:
Activity log type  :   Delete a customer
Customer Email:     (This is the user/customer that did the delete; is this one of your admins?)
IP address:                 (This is the IP address of the user that did the delete; is this one of yours?)
Message:                    Deleted a customer (ID = nnn)           - (
Created On                (Is it happening during business hours?  When the sched task is running?)


scheduled task ... run in every 3600 seconds
     The frequency (how often) to run the task
customersettings.deleteguesttaskolderthanminutes
     How far back to go to delete guest records (based on their create date) - 1440 minutes = 1 day

This is the first thing you should check I believe because the activity logs are not cleared automatically.
New York wrote:

Apart from this, can you please confirm that there is no API or such code in your project using which someone could do this easily from browser or any API client?
There is no such code in nopCommerce which would result in this type of behaviour.

Best regards,
Atul Rungta

New York wrote:
There is no record exists for "Delete a customer" Activity Log type in ActivityLog table, and the particular customer id record is missing in the customer table. So it's clear, this is not something like manual deletion from Admin panel. So only thing we can think of is the "Delete Guest" scheduled task.

So in order to confirm that I created a test user, removed Registered role and applied  Admin & Guest roles to him, then did let the "Delete Guest" task to run. After the task run successfully still the user exists, So I could not recreate issue..!

nopAdvance.com wrote:

There is no such customized API calls accepting into or calling from the project source code. It's just the plain NC source.
We have following plugins running in the system but could that be a reason?

- Paypal Smart payment button
- FoxNetSoft - Tracking Code Manager
- Google Analytics
- Store Locator

The scenario that you told doesn't justifies anything because honestly, I don't see anything in nopCommerce doing this.
However, as you mentioned that the records are hard deleted then it means that there should be something happening on the database and on your server.

Completely clueless unless someone doesn't looks at your server, database and nopCommerce installation. Could be a security issue.

Best regards,
Atul Rungta