Paypal ERROR checkPaypalIps: Error with REMOTE IP ADDRESS

[tantedante]

Hello,
I use VirtueMart 3.0.2 in a Joomla 3.3.6 site.
Yesterday I got a mail, that there is an error with one paypal payment.
That is the content of the "paypal.2.log.php" log:

Code: [Select]

#
#
2015-10-15 19:23:58 ERROR checkPaypalIps: Error with REMOTE IP ADDRESS = 173.0.81.1, 10.19.1.100.
                        The remote address of the script posting to this notify script does not match a valid PayPal IP address
            These are the valid IP Addresses: 23.57.113.223,173.0.81.1,173.0.81.33,216.113.188.202,216.113.188.203,216.113.188.204,66.211.170.66,173.0.88.66,173.0.88.98,173.0.84.66,173.0.84.98,173.0.80.00,173.0.80.01,173.0.80.02,173.0.80.03,173.0.80.04,173.0.80.05,173.0.80.06,173.0.80.07,173.0.80.08,173.0.80.09,173.0.80.10,173.0.80.11,173.0.80.12,173.0.80.13,173.0.80.14,173.0.80.15,173.0.80.16,173.0.80.17,173.0.80.18,173.0.80.19,173.0.80.20,173.0.82.126,173.0.88.67,173.0.88.99,173.0.84.99,173.0.84.67,173.0.88.69,173.0.88.101,173.0.84.69,173.0.84.101,173.0.88.68,173.0.88.100,173.0.84.68,173.0.84.100,173.0.81.1,173.0.81.33,64.4.240.0,64.4.240.1,64.4.240.2,64.4.240.3,64.4.240.4,64.4.240.5,64.4.240.6,64.4.240.7,64.4.240.8,64.4.240.9,64.4.240.10,64.4.240.11,64.4.240.12,64.4.240.13,64.4.240.14,64.4.240.15,64.4.240.16,64.4.240.17,64.4.240.18,64.4.240.19,64.4.240.20,118.214.15.186,118.215.103.186,118.215.119.186,118.215.127.186,118.215.15.186,118.215.151.186,118.215.159.186,118.215.167.186,118.215.199.186,118.215.207.186,118.215.215.186,118.215.231.186,118.215.255.186,118.215.39.186,118.215.63.186,118.215.7.186,118.215.79.186,118.215.87.186,118.215.95.186,202.43.63.186,69.192.31.186,72.247.111.186,88.221.43.186,92.122.143.186,92.123.151.186,92.123.159.186,92.123.163.186,92.123.167.186,92.123.179.186,92.123.183.186The Order ID received was: 420d028

2015-10-16 00:20:24 ERROR checkPaypalIps: Error with REMOTE IP ADDRESS = 173.0.81.1, 10.19.1.100.
                        The remote address of the script posting to this notify script does not match a valid PayPal IP address
            These are the valid IP Addresses: 23.57.113.223,173.0.81.1,173.0.81.33,216.113.188.202,216.113.188.203,216.113.188.204,66.211.170.66,173.0.88.66,173.0.88.98,173.0.84.66,173.0.84.98,173.0.80.00,173.0.80.01,173.0.80.02,173.0.80.03,173.0.80.04,173.0.80.05,173.0.80.06,173.0.80.07,173.0.80.08,173.0.80.09,173.0.80.10,173.0.80.11,173.0.80.12,173.0.80.13,173.0.80.14,173.0.80.15,173.0.80.16,173.0.80.17,173.0.80.18,173.0.80.19,173.0.80.20,173.0.82.126,173.0.88.67,173.0.88.99,173.0.84.99,173.0.84.67,173.0.88.69,173.0.88.101,173.0.84.69,173.0.84.101,173.0.88.68,173.0.88.100,173.0.84.68,173.0.84.100,173.0.81.1,173.0.81.33,64.4.240.0,64.4.240.1,64.4.240.2,64.4.240.3,64.4.240.4,64.4.240.5,64.4.240.6,64.4.240.7,64.4.240.8,64.4.240.9,64.4.240.10,64.4.240.11,64.4.240.12,64.4.240.13,64.4.240.14,64.4.240.15,64.4.240.16,64.4.240.17,64.4.240.18,64.4.240.19,64.4.240.20,118.214.15.186,118.215.103.186,118.215.119.186,118.215.127.186,118.215.15.186,118.215.151.186,118.215.159.186,118.215.167.186,118.215.199.186,118.215.207.186,118.215.215.186,118.215.231.186,118.215.255.186,118.215.39.186,118.215.63.186,118.215.7.186,118.215.79.186,118.215.87.186,118.215.95.186,202.43.63.186,69.192.31.186,72.247.111.186,88.221.43.186,92.122.143.186,92.123.151.186,92.123.159.186,92.123.163.186,92.123.167.186,92.123.179.186,92.123.183.186The Order ID received was: 670e029
That's the current content of the log, first there was only one entry.
I looked into the Orders and saw, that the last order with paypal was pending. The other orders before with paypal were confirmed.
So I just tried my own shop and buyed something with paypal.
On the frontend everything worked as it should and I got a mail from paypal, that I payed to my shop.
But on the backend I got the second entry in the log and my Order has also the status pending.

I've googeled this error and found a solution, that said, that I should change some code in backend... But to be honest, I would prefer to don't manually change the coding of virtuemart :/
https://www.rupostel.com/phpBB3/viewtopic.php?f=5&t=1070

It's quite confusing, because all the other orders before just worked normal...
I would be glad, If you could look into this.
Thank you!

[jenkinhill]

Your VirtueMart and Joomla versions are seriously out of date and are known to be insecure, so you should update. Current latest versions are VM3.0.11 and Joomla 3.4.4. Of course, test updates first on a backup of your site.  http://forum.virtuemart.net/index.php?topic=118683.0

The Paypal plugin has been updated several times since VM3.0.2 to work better.

[tantedante]

I've now updated to Joomla 3.4.4 and Virtuemart 3.0.10
I got no VM 3.0.11 as I downloaded the current version from the frontpage O.o

But the problem stays the same. I just tried it again and I get the same error in the logs and the status is pending, even tho I have payed with paypal.

[GJC Web Design]

Your problem is exactly as Stan (Rupostel) describes it... your working thru a proxy and have a comma separated list of ips instead of a single ip so the check fails

Error with REMOTE IP ADDRESS = 173.0.81.1, 10.19.1.100.

And Stans code will fix it

add it in \plugins\vmpayment\paypal\paypal\helpers\paypal.php

chked 3.0.10 and the code is the same as Stan describes - will fail on 2 or more ips - all it is doing is detecting the comma and checking the ip individually

[John2400]

Hi I'm now getting this error as well.


Version virtuemart 3.0.12 Joomla 3.4.8 PHP 5.5


Had no issue ever  and have not changed anything as of 3 weeks.?


Any suggestions as  or should I go with GJC suggestion  from October.


yes an odd sale changes the status or is accepted and moves from pending to confirmed. my logs .. look almost the same as [/size]tantedante's

[GJC Web Design]

so definitely the error shows that your ip is a comma separated list?

e.g.  Error with REMOTE IP ADDRESS = 173.0.81.1, 10.19.1.100.

[John2400]

Yes a long list of ip addresses separated by commas.


Exactly like the initial post. Below.


All associated with PayPal..

[GJC Web Design]

I mean the 1st line of the error
Error with REMOTE IP ADDRESS = 173.0.81.1, 10.19.1.100.

I have never seen more than 2.. post the full error

[John2400]

OK, I see what you mean in regards to two IPs. with commas
 But I'm getting repeated IPs rejected and not triggering the status from pending to confirmed.

I personally know some of these clients so they are not ....fake.

#
#<?php die("Forbidden."); ?>

2016-01-03 21:47:47 ERROR checkPaypalIps: Error with REMOTE IP ADDRESS = 72.14.199.160.
                        The remote address of the script posting to this notify script does not match a valid PayPal IP address

            These are the valid IP Addresses: 64.4.249.19,173.0.81.1,173.0.81.33,216.113.2016-01-04 02:37:00


ERROR checkPaypalIps: Error with REMOTE IP ADDRESS = 101.184.213.80.
                        The remote address of the script posting to this notify script does not match a valid PayPal IP address

            These are the valid IP Addresses: .123.183.186 ...............The Order ID received was: 3DQ30162


2016-01-12 03:25:59

ERROR checkPaypalIps: Error with REMOTE IP ADDRESS = 208.115.113.83.
                        The remote address of the script posting to this notify script does not match a valid PayPal IP address

            These are the valid IP Addresses: 23.198.113.104,173.02016-01-12 09:17:11

ERROR checkPaypalIps: Error with REMOTE IP ADDRESS = 49.199.19.28.
                        The remote address of the script posting to this notify script does not match a valid PayPal IP address

            These are the valid IP Addresses: 104.114.161.73,173.0.81.33,173.0.81.1,216.113.188.202,216.113.188.203,216.113.188.204,66.211.170.66,173.0.88.66,173.0.88.98,173.0.84.66,173.0.84.98,173.0.80.00,173

[GJC Web Design]

but in this case the ip 72.14.199.160 is Google

NetRange:       72.14.192.0 - 72.14.255.255
CIDR:           72.14.192.0/18
NetName:        GOOGLE
NetHandle:      NET-72-14-192-0-1
Parent:         NET72 (NET-72-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Google Inc. (GOGL)
RegDate:        2004-11-10
Updated:        2012-02-24
Ref:            http://whois.arin.net/rest/net/NET-72-14-192-0-1
OrgName:        Google Inc.

the 101.184.213.80 is Aussie but not Paypal

inetnum:        101.160.0.0 - 101.191.255.255
netname:        TELSTRAINTERNET50-AU
descr:          Telstra
descr:          Level 12, 242 Exhibition St
descr:          Melbourne
descr:          VIC  3000
country:        AU

so are the other two

the whole idea is that the IPN post to you should only come from a paypal ip address

e.g.  64.4.249.19


NetRange:       64.4.240.0 - 64.4.251.255
CIDR:           64.4.240.0/21, 64.4.248.0/22
NetName:        PAYPAL-SITE
NetHandle:      NET-64-4-240-0-1
Parent:         NET64 (NET-64-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS17012
Organization:   PayPal, Inc. (PAYPAL)

[John2400]

Ok,
So what does that mean.


And why? Are they using a mobile phone and the ip is picked up from it? 


 And is it a customer problem not VM, Joomla, or the server ..

[GJC Web Design]

it is nothing to do with the users
the snippet is checking the ip address from where the PAYPAL IPN POST is coming from..
it has to come from PAYPAL otherwise it is not kosher!

this is nothing to do with the client

I have seen other e.g. confirmation posts from e.g. 3rd party payment gateways being somehow indexed by Google ( normally by Google tracking etc) and resubmitted later ..
i.e. "tested" by Google to check if it is a valid url ..

The payment plugin must be coded to ignore/dump these .. but have never seen Paypal IPN's re-submitted except by potential fraudsters

[John2400]

Thanks,

I'll leave it as 95% look good to me at the moment.  I'll just keep an eye on it as it is new.
Most do the right thing.

again thanks

[encreplus]

Same problem here ...

ERROR checkPaypalIps: Error with REMOTE IP ADDRESS = 199.27.133.126.

VM 3.0.10

[GJC Web Design]

Is it a problem?  .. it has stopped one of your orders as being confirmed from an IP that isn't Paypal.. 

BTW it is a Cloudflare ip

NetRange:       199.27.128.0 - 199.27.135.255
CIDR:           199.27.128.0/21
NetName:        CLOUDFLARENET
NetHandle:      NET-199-27-128-0-1
Parent:         NET199 (NET-199-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS13335
Organization:   CloudFlare, Inc. (CLOUD14)

If it was a proxy I think there should be a string of ips rejected...