Hello all,
Got the fraud message tonight. Not sure why, but vm couldn't conclude that it had a valid ip address for paypal.
I would like to hard code these addresses in but I'm not sure how to change the notify.php file to do it.
Any help would be greatly appreciated.
G'day,
I don't think they have changed. What was the message and from what IP address did it come from?
I've beem getting this as well.
Last night and this morning.
QuoteError code 506. Possible fraud. Error with REMOTE IP ADDRESS = 216.113.188.202.
The remote address of the script posting to this notify script does not match a valid PayPal ip address
These are the valid IP Addresses: 64.4.241.49,
66.211.169.65,
66.211.169.2,
64.4.241.33,
66.211.170.66,
216.113.188.202 is a valid address.
https://www.paypal.com/IntegrationCenter/ic_go-live.html (https://www.paypal.com/IntegrationCenter/ic_go-live.html)
G'day,
My notify.php does not have a list of ip address's, it uses www.paypal.com and notify.paypal.com and turns them into an IP and then compares that, so there is no list to maintain.
QuoteG'day,
My notify.php does not have a list of ip address's, it uses www.paypal.com and notify.paypal.com and turns them into an IP and then compares that, so there is no list to maintain.
Mine to.
But it's not working. The quote I gave is the email generated by notify.php.
The list of vailid ip's is
64.4.241.49,
66.211.169.65,
66.211.169.2,
64.4.241.33,
66.211.170.66,
Yet 216.113.188.202 does resolve to notify.paypal.com
Same here.
This is the message I got,
Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 216.113.188.202.
The remote address of the script posting to this notify script does not match a valid PayPal ip address
These are the valid IP Addresses: 64.4.241.33,
64.4.241.49,
66.211.169.2,
66.211.169.65,
66.211.170.66,
The Order ID received was: -95_71a9b7a9921a76e6404101987365
but my notify says it uses www.paypal.com, I want to hard code the ip addy's in so VM doesn't panic and send that message anymore.
Quote from: shoconnor on March 11, 2010, 16:32:15 PM
Same here.
This is the message I got,
Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 216.113.188.202.
The remote address of the script posting to this notify script does not match a valid PayPal ip address
These are the valid IP Addresses: 64.4.241.33,
64.4.241.49,
66.211.169.2,
66.211.169.65,
66.211.170.66,
The Order ID received was: -95_71a9b7a9921a76e6404101987365
but my notify says it uses www.paypal.com, I want to hard code the ip addy's in so VM doesn't panic and send that message anymore.
Found this after a bit of a search:
Quote
In order to resolve this, I dove into the notification script at administrator/components/com_virtuemart/notify.php to see how it was determining what constituted a "fraudulent" IP address. Here's what I found:
$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );
Further down in the code, the array $paypal_iplist is looped and if $_SERVER['REMOTE_ADDR'] doesn't match, it's considered a fraudulent transaction. What I ended up doing was adding an extra line and explicitly added this new IP:
$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );
$paypal_iplist[] = '216.113.188.202';
Even though notify.paypal.com routes to this ip.
Hope this helps.
I searched this topic last night and did not find this.
Thank you very much, I'll add it and let everyone know what happens.
Cheers.
Nice one.
I have this now.
Quote$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );
$paypal_iplist[] = '216.113.188.202';
$paypal_iplist[] = '216.113.188.203';
$paypal_iplist[] = '216.113.188.204';
As the second two are also listed as valid on Paypals site.
https://www.paypal.com/IntegrationCenter/ic_go-live.html (https://www.paypal.com/IntegrationCenter/ic_go-live.html)
G'day,
At a guess and it is only a guess, PP have added a new ip address or two and the dns servers you use are out of date.
Beware of hard coding.
More...
Yeah, paypal has done something to their dns...
mike@shark:~$ dig notify.paypal.com A
; <<>> DiG 9.6.1-P2 <<>> notify.paypal.com A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25730
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;notify.paypal.com. IN A
;; ANSWER SECTION:
notify.paypal.com. 600 IN A 66.211.170.66
;; Query time: 206 msec
;; SERVER: 192.158.202.130#53(192.158.202.130)
;; WHEN: Thu Mar 11 21:05:37 2010
;; MSG SIZE rcvd: 51
As you can see notify.paypal.com only has 1 ip address and it should have all those others or that page is wrong at paypal.
So Stinga, what does this mean?
Should I leave things as they are and not code in the ip address or should I leave things as they are AND code in the ip address?
or
Is there a better way so I don't freak out the store's owner over a bad fraud message?
I admit, I am not wise in the ways of ip addresses. Arghhhh!
Unfortunately I have the same problem which appeared yesterday late night
My customers could not download the module after paying :(
I get the following email after payment:
Quote
Object : PayPal IPN Transaction on your site: Possible fraud
**************************
Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 216.113.188.202.
The remote address of the script posting to this notify script does not match a valid PayPal ip address
These are the valid IP Addresses: 64.4.241.49,
66.211.169.2,
66.211.169.65,
64.4.241.33,
66.211.170.66,
The Order ID received was: 83_61813ff455500fecceb156196fc4f
I contacted Paypal support and they told me to contact my hoster :(
I don't know what to do please help :(
Same issue here: after the "PayPal IPN Transaction on your site: Possible fraud" message, the status of the orders are not updated (the first not updated order was in 2010-03-11 14:55 GMT+1).
Backup then open this file in a text editor.
/administrator/components/com_virtuemart/notify.php
Find this code
Quote// Get the list of IP addresses for www.paypal.com and notify.paypal.com
$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );
And replace it with
Quote// Get the list of IP addresses for www.paypal.com and notify.paypal.com
$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );
$paypal_iplist[] = '216.113.188.202';
$paypal_iplist[] = '216.113.188.203';
$paypal_iplist[] = '216.113.188.204';
Then save and ipns will work again.
The main reason Paypal advise against hardcoding ip's is in case they change in future.
But if their DNS can't keep up it doesn't help us merchants.
Virtuemart is not at fault here.
It is gathering the valid ip address's in the paypal recommended way.
At some point in the future it should be possible to go back to the original code.
What matters at present is that our shops work
Thank you gripped
I made these changes and I'm waiting for the next order to see if all it's OK
Best regards
Amorino
www.modules.idealconception.com
Hello gripped
I do confirm it works now After the modifications given by gripped!
I just received 2 orders now and all is ok ;)
Thank's a lot
Amorino
www.modules.idealconception.com
G'day,
I am working an a change to notify.php.
It would be better to take the ip address and turn it into host name using gethostnamebyaddr, then compare the output with notify and www, this will then always work, since PP don't seem to know what is wrong or are not going to fix it.
Please verify: for me, without making changes, the orders of today restarted to work fine with auto change of status.
G'day all,
I just my code to...
if( PAYPAL_DEBUG != "1" ) {
/*stinga*/
$paypal_sandbox_hostname = 'ipn.sandbox.paypal.com';
$remote_hostname = gethostbyaddr( $_SERVER['REMOTE_ADDR'] );
$valid_ip = false;
if( $paypal_sandbox_hostname == $remote_hostname )
{
$valid_ip = true;
$hostname = 'www.sandbox.paypal.com';
}
else
{
if ($remote_hostname == 'www.paypal.com' or $remote_hostname == 'notify.paypal.com')
{
$valid_ip = true;
}
$hostname = 'www.paypal.com';
}
if( !$valid_ip ) {
In other words turn the client ip address (paypal) into FQDN and compare it against notify.paypal.com and www.paypal.com, if it matches then set valid_ip to true.
This saves having to maintain the list of ip addresses.
Hello,
Could you tell me please, where to put this code exactly Stinga?
Best regards
notify.php
Look for line
if( PAYPAL_DEBUG != "1" ) {
and replace everything upto
if( !$valid_ip ) {
And you should be OK, test well, if you make an error your order will not change status, but everything else will be OK.
Thanks a lot
I'll test it today :)
Best regards
amorino
www.modules.idealconception.com
G'day all,
Got an email today from PP saying they had fixed their DNS, so things should work again...
; <<>> DiG 9.3.1 <<>> notify.paypal.com A
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51117
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;notify.paypal.com. IN A
;; ANSWER SECTION:
notify.paypal.com. 600 IN A 66.211.170.66
;; AUTHORITY SECTION:
paypal.com. 40 IN NS ppns1.phx.paypal.com.
paypal.com. 40 IN NS ppns2.den.paypal.com.
paypal.com. 40 IN NS ppns2.phx.paypal.com.
paypal.com. 40 IN NS ppns1.den.paypal.com.
;; ADDITIONAL SECTION:
ppns1.phx.paypal.com. 1311 IN A 66.211.168.226
ppns1.den.paypal.com. 1311 IN A 216.113.188.121
ppns2.phx.paypal.com. 1311 IN A 66.211.168.227
ppns2.den.paypal.com. 114 IN A 216.113.188.122
;; Query time: 143 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 17 22:23:29 2010
;; MSG SIZE rcvd: 203
Other than they don't have the .202 address in there, but maybe they are not going to use that one now!
Stinga / all,
PayPal lists their IP addresses here: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/howto_api_golivechecklist
Using gethostbyaddr() is not safe because a DNS server can be set to reply with an incorrect hostname.
Here is the code I use to valid Paypal IP:
if( PAYPAL_DEBUG != "1" ) {
// List of valid PayPal IP addresses
$paypal_iplist = array('64.4.241.16', '64.4.241.32','64.4.241.33','64.4.241.34','64.4.241.35','64.4.241.36',
'64.4.241.37','64.4.241.38','64.4.241.39','216.113.188.32','216.113.188.33','216.113.188.34','216.113.188.35',
'216.113.188.64','216.113.188.65','216.113.188.66','216.113.188.67','66.211.169.2','66.211.169.65' );
$notify_iplist = array('216.113.188.202','216.113.188.203', '216.113.188.204', '66.211.170.66');
$paypal_iplist = array_merge( $paypal_iplist, $notify_iplist );
$paypal_sandbox_hostname = 'ipn.sandbox.paypal.com';
$remote_hostname = gethostbyaddr( $_SERVER['REMOTE_ADDR'] );
$valid_ip = false;
if( $paypal_sandbox_hostname == $remote_hostname ) {
$valid_ip = true;
$hostname = 'www.sandbox.paypal.com';
}elseif(in_array($_SERVER['REMOTE_ADDR'], $paypal_iplist)) {
$valid_ip = true;
$hostname = 'www.paypal.com';
}else{
debug_msg( "Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = ".$_SERVER['REMOTE_ADDR'].".
The remote address of the script posting to this notify script does not match a valid PayPal ip address\n" );
$mailsubject = "PayPal IPN Transaction on your site: Possible fraud";
$mailbody = "Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = ".$_SERVER['REMOTE_ADDR'].".
The remote address of the script posting to this notify script does not match a valid PayPal ip address\n
These are the valid IP Addresses: $ips
The Order ID received was: $invoice";
vmMail( $mosConfig_mailfrom, $mosConfig_fromname, $debug_email_address, $mailsubject, $mailbody );
exit();
}
}
Micah
If someone has managed to poison your dns, then you have bigger problems. If someone can circumvent the DNS then they can spoof the IP address well.
They list the IP address and they also said, don't use IP address's since they might change.