News:

Looking for documentation? Take a look on our wiki

Main Menu

PayPal IPN remote IP address problem

Started by rob2701, July 12, 2008, 15:41:16 PM

Previous topic - Next topic

rob2701

Thanks for a great product first of all!
I am using VM 1.0.15 on J 1.0.15.

I have a setup where traffic from the outside goes through a reverse proxy to be redirected to a FreeBSD jail, which hold the VM installation.

With PayPal IPN set up well (in PayPal account and VM, I get errors related to the fact that VM seems to return the remote IP address as the internal address of my FreeBSD jail (i.e. 192.168.10.25 instead of my outside IP adress.

Can anyone tell me how and where I can solve this by entering the remote IP somewhere?

Thanks for your help.

rob2701

Half replying to my own unanswered question with a better question :-)

As far as I understand it, the addresses should be of the PayPal servers only, see:
https://ppmts.custhelp.com/cgi-bin/ppdts.cfg/php/enduser/std_adp.php?p_faqid=92&p_created=1122398622&p_sid=DHyfUWKi&p_accessibility=0&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MTMmcF9wcm9kcz0wJnBfY2F0cz0mcF9wdj0mcF9jdj0mcF9wYWdlPTEmcF9zZWFyY2hfdGV4dD1JUA**&p_li=&p_topview=1

So the real question is:

Why does the notify.php script insert MY internal IP address into the array that is meant for the PayPal servers?

And more importantly, how do I change it so that this doesn't produce the infamous "possible fraud" error (see below)?

This is what I get with test mode set to NO:

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 192.168.10.28.
The remote address of the script posting to this notify script does not match a valid PayPal ip address.
These are the valid IP Addresses: 66.211.168.209,
64.4.241.33,
64.4.241.49,
64.4.241.65,
64.4.241.129,
66.211.168.65,
66.211.168.97,
66.211.168.193,
66.211.170.66,

Thanks to anyone who can shed light on this.

rob2701

Please, can anyone help shed some light on this?

The effect of the problem described above is that even with IPN set up correctly in PayPal, the order status ALWAYS remains "Pending", meaning I have to check every payment by hand, and then change the order status by hand.

Which isn't very wonderful, to say the least :-(

rob2701

Gents,
I seem to be the only one offering insight into my own questions :-)
I have put this problem to PayPal's merchent support services, and here is their answer:

1. If your code is doing the post back to PayPal to for IPN validation, there is no reason to check the IP address to confirm it is one of ours.
2. IPN does not use IP checking. We just post to a URL. You will want to look at your code to see how it is getting the IP address as it appears the code is grabbing the wrong IP.

In other words, the notify.php script inside VirtueMart is definitely doing something (i.e. checking for IP address) which according to PayPal is superfluous.

Can anyone with enough scripting knowledge help me out here to adapt it?

Also, I cannot imag=ine that I am the only one having these problems with IPN in VirtueMart. There must be more people behind a reverse proxy or similar...

Thanks in advance.

FatalMusic

HI there,

I also had the following problem:

1. Order status remains 'Pending'
2. Error email with 'possible fraud' coming from paypal

Issue '1' is solved on my side once I entered a 'return url' (just entered my website url), set 'auto return' on and set 'payment data transfer' on in my Paypal profile settings.

However I still receive the email with the 'fraud' error...

I'm still going to do some testing and if i find the answer I'll post again ;)
Please let me know if u figure somethign out also!

Take care, Iris

rob2701

I fixed the "possibile fraud" mails by using the notify script from 2008-04-09:

* PayPal IPN Handler
* @version $Id: notify.php 1364 2008-04-09 16:44:28Z soeren_nb $

So that is solved.

I still cannot get the IPN (Instant Payment Notification) to work whatever I do, orders always remain pending...

Will try to do the upgrade to the latest VM version in a test environment, and see if that solves anything. Bit wary of letting that loose on my live environment though :-)

[attachment cleanup by admin]