Hello, after Paypal payment there is an error, this:
ERROR checkPaypalIps: Error with REMOTE IP ADDRESS
The order remains pending in Virtuemart.
There is a correction to make?
Thank you
Virtuemart 3.2.1
Joomla 3.6.5
The most common reason is checkPaypalIps function return wrong ip address of paypal server.
[edited to remove unsecure suggestion]
protected function checkPaypalIps ($paypal_data) {
Everything ok, Your solution is fine
Thank you
;) :D
I am unsure as to how "safe" your method of disabling a paypal IPN server address check is.
This opens you up to get IPN updates from non PayPal servers, including PayPal sandbox.
Someone could send IPN notices to you from non valid servers (including sandbox) to cause your orders to be updated as if they had been paid
Do not disable IP checking, just try adding the valid address to the array in the function:
plugins\vmpayment\paypal\paypal\helpers\paypal.php
protected function checkPaypalIps ($paypal_data) {
Thanks I restored the files before coming but I did not understand what I have to add, and where, are not very practical in this.
Guide me please.
Thank you
The error continues, how can I fix it?
Post the VM paypal error log
If it is not switched on in the configuration for the payment method - switch it on
Hello
I think this is related to how Paypal expects the IPN to check for correct Paypal IP addresses. Some years ago I contributed some changes to the papal.php file. But now it seems that this list is not complete. i have not wrapped my head completely around this yet. I have made changes that asks Paypal for correct IP addresses during runtime instead of using a static list. So far it seems to work.
I would suggest to replace line 533 to 647 in plugins/vmpayment/paypal/helpers/paypal.php
$paypal_iplist1 = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist3 = array('216.113.188.202', '216.113.188.203', '216.113.188.204', '66.211.170.66');
$paypal_iplist = array_merge($paypal_iplist1, $paypal_iplist2, $paypal_iplist3);
// http://forum.virtuemart.net/index.php?topic=115375.msg406664#msg406664
// Added JH 2013-10-12
//Current IP addresses
//------------api.paypal.com---------
$paypal_iplist_api = array(
'173.0.88.66',
'173.0.88.98',
'173.0.84.66',
'173.0.84.98',
'173.0.80.00',
'173.0.80.01',
'173.0.80.02',
'173.0.80.03',
'173.0.80.04',
'173.0.80.05',
'173.0.80.06',
'173.0.80.07',
'173.0.80.08',
'173.0.80.09',
'173.0.80.10',
'173.0.80.11',
'173.0.80.12',
'173.0.80.13',
'173.0.80.14',
'173.0.80.15',
'173.0.80.16',
'173.0.80.17',
'173.0.80.18',
'173.0.80.19',
'173.0.80.20',
'173.0.82.126',
);
//------------api-aa.paypal.com------------
$paypal_iplist_api_aa = array('173.0.88.67', '173.0.88.99', '173.0.84.99', '173.0.84.67');
//'------------api-3t.paypal.com------------'
$paypal_iplist_api_3t_aa = array('173.0.88.69', '173.0.88.101', '173.0.84.69', '173.0.84.101');
//------------api-aa-3t.paypal.com------------
$paypal_iplist_api_aa_3t = array('173.0.88.68', '173.0.88.100', '173.0.84.68', '173.0.84.100');
//------------notify.paypal.com (IPN delivery)------------
$paypal_iplist_notify = array('173.0.81.1', '173.0.81.33');
//'-----------reports.paypal.com-----------'
$paypal_iplist_reports = array(
'66.211.168.93',
'173.0.84.161',
'173.0.84.198',
'173.0.88.161',
'173.0.88.198'
);
//'------------www.paypal.com------------'
//'Starting September 12, 2012 www.paypal.com will start resolving to a dynamic list of IP addresses and as such should not be whitelisted.'
//'For more information on IPNs please go here.'
//'------------ipnpb.paypal.com------------'
$paypal_iplist_ipnb = array(
'64.4.240.0',
'64.4.240.1',
'64.4.240.2',
'64.4.240.3',
'64.4.240.4',
'64.4.240.5',
'64.4.240.6',
'64.4.240.7',
'64.4.240.8',
'64.4.240.9',
'64.4.240.10',
'64.4.240.11',
'64.4.240.12',
'64.4.240.13',
'64.4.240.14',
'64.4.240.15',
'64.4.240.16',
'64.4.240.17',
'64.4.240.18',
'64.4.240.19',
'64.4.240.20',
'118.214.15.186',
'118.215.103.186',
'118.215.119.186',
'118.215.127.186',
'118.215.15.186',
'118.215.151.186',
'118.215.159.186',
'118.215.167.186',
'118.215.199.186',
'118.215.207.186',
'118.215.215.186',
'118.215.231.186',
'118.215.255.186',
'118.215.39.186',
'118.215.63.186',
'118.215.7.186',
'118.215.79.186',
'118.215.87.186',
'118.215.95.186',
'202.43.63.186',
'69.192.31.186',
'72.247.111.186',
'88.221.43.186',
'92.122.143.186',
'92.123.151.186',
'92.123.159.186',
'92.123.163.186',
'92.123.167.186',
'92.123.179.186',
'92.123.183.186'
);
// JH
$paypal_iplist = array_merge($paypal_iplist, // Added JH 2013-10-12
$paypal_iplist_api, $paypal_iplist_api_aa, $paypal_iplist_api_3t_aa, $paypal_iplist_api_aa_3t, $paypal_iplist_notify, $paypal_iplist_ipnb// JH
);
with
// JH 2017-04-23
// Get IP through DNS call
// API endpoints
$paypal_iplist_api = gethostbynamel('api.paypal.com');
$paypal_iplist_api_3t = gethostbynamel('api-3t.paypal.com');
$paypal_iplist_api_aa = gethostbynamel('api-aa.paypal.com');
$paypal_iplist_api_aa_3t = gethostbynamel('api-aa-3t.paypal.com');
$paypal_iplist_svcs = gethostbynamel('svcs.paypal.com');
// Reporting and order management
$paypal_iplist_accounts = gethostbynamel('accounts.paypal.com');
$paypal_iplist_batch = gethostbynamel('batch.paypal.com');
$paypal_iplist_disputes = gethostbynamel('disputes.paypal.com');
$paypal_iplist_ipnpb = gethostbynamel('ipnpb.paypal.com');
$paypal_iplist_notify = gethostbynamel('notify.paypal.com');
$paypal_iplist_reports = gethostbynamel('reports.paypal.com');
// web
$paypal_iplist_mobile = gethostbynamel('mobile.paypal.com');
$paypal_iplist_m = gethostbynamel('m.paypal.com');
// Pointofsale
$paypal_iplist_pointofsale = gethostbynamel('pointofsale.paypal.com');
$paypal_iplist = array_merge( // $paypal_iplist, // Added JH 2013-10-12, Changed JH 2017-04-23
// API endpoints
$paypal_iplist_api,
$paypal_iplist_api_3t,
$paypal_iplist_api_aa,
$paypal_iplist_api_aa_3t,
$paypal_iplist_svcs,
// List of Reporting and order management
$paypal_iplist_accounts,
$paypal_iplist_batch,
$paypal_iplist_disputes,
$paypal_iplist_ipnpb,
$paypal_iplist_notify,
$paypal_iplist_reports,
// Web
$paypal_iplist_mobile,
$paypal_iplist_m,
// Pointofsale
$paypal_iplist_pointofsale
// JH
);
I am currently running my site (VM 3.0.19.9) with the changes made above. The same paypal.php file is curently beeing used for the VM 3.2.1.
Paypal does make a note :
QuoteAs of September 12, 2012, www.paypal.com resolves to a dynamic list of IP addresses and should not be whitelisted.
**For Instant Payment Notification (IPN) only**
If you must use a set list of IP address (i.e. for the purposes of a firewall), please note that you can use the https://ipnpb.paypal.com/ host for Instant Payment Notification (IPN) postback verification. IP addresses for the ipnpb.paypal.com host are available in the dropdown list above.
This means, I think, that it could be reduced to only checking the ipnpb.paypal.com or should fo example notify be included also? Paypal isn´t chrystal clear on this.
// JH 2017-04-23
// Get IP through DNS call
// Reporting and order management
$paypal_iplist_ipnpb = gethostbynamel('ipnpb.paypal.com');
$paypal_iplist_notify = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( // JH 2017-04-23
// List of Reporting and order management
$paypal_iplist_ipnpb,
$paypal_iplist_notify
);
// JH
Any feedback is appreciated
Jörgen @ Kreativ Fotografi
Joergen
I am testing in sandbox
In PayPal's documentation they say use this for sandbox - in my testing on 3.2.1
https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNTesting/ (https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNTesting/)
ipnpb.sandbox.paypal.com
The validation fails if this is used on its own at present
I suggest for sandbox that it is possible to use:
if ($this->_method->sandbox) {
// $paypal_iplist = gethostbynamel('ipn.sandbox.paypal.com');
// $paypal_iplist = (array)$paypal_iplist;
// QUORVIA 2017April24
$paypal_sandbox_iplist_ipn = gethostbynamel('ipn.sandbox.paypal.com');
$paypal_sandbox_iplist_ipnpb = gethostbynamel('ipnpb.sandbox.paypal.com');
$paypal_iplist = array_merge(
$paypal_sandbox_iplist_ipn,
$paypal_sandbox_iplist_ipnpb
); // end quorvia
Debug from my test:-
2017-04-24 16:55:17 DEBUG PaymentNotification, order_number:: APZ7010
2017-04-24 16:55:17 DEBUG PaymentNotification, virtuemart_paymentmethod_id:: 5
2017-04-24 16:55:17 DEBUG checkPaypalIps SANDBOX: Array
(
[0] => 173.0.82.126
[1] => 173.0.82.66
)
2017-04-24 16:55:17 DEBUG checkPaypalIps REMOTE ADDRESS: 173.0.82.126
2017-04-24 16:55:17 DEBUG validateIpnContent: valid_ipn: VERIFIED
0
your thoughts are welcome
Hello AH
I have not checked the sandbox settings, but as You say they could also need an overhaul. Your suggestion could be working, but You can not be sure about this. It is probably almost enough. One could also assume that You should check everyone of these servers:
Standard servers
batch.sandbox.paypal.com
business.sandbox.paypal.com
developer.paypal.com
ipn.sandbox.paypal.com
mobileclient.sandbox.paypal.com
reports.sandbox.paypal.com
www.sandbox.paypal.com
Additional servers
api.sandbox.paypal.com
ipnpb.sandbox.paypal.com
svcs.sandbox.paypal.com
api-3t.sandbox.paypal.com
api-s.sandbox.paypal.com
api-m.sandbox.paypal.com
The documentation is not totally clear on this, or I am not understanding what they are saying. Anyway I have sent a question to Paypal asking them to explain what servers to use for IP-lookup. Maybe all or some of the additonal servers should be used, I am not sure which. Let´s see what PayPal has to offer.
My suggested code in my earlier post seems to be working for real IPN transactions (no changes are made for the sandbox calls), but may include to many servers for the lookup.
regards
Jörgen @ Kreativ Fotografi
Hi I did the change you suggested but the error continues
The order is also pending.
Attached file paypal.3.log.php.
Sorry but I'm not a developer guides me how to fix the problem.
Thank you
Just curious - which PayPal option do you use? I'm using VM's PayPal Standard with VM 3.2.1 which is working fine my case.
Quote from: jjk on April 25, 2017, 22:18:58 PM
Just curious - which PayPal option do you use? I'm using VM's PayPal Standard with VM 3.2.1 which is working fine my case.
VM Payment Papal with VM 3.0.18
Quote from: Grisu74 on April 25, 2017, 22:40:51 PM
VM Payment Papal with VM 3.0.18
I meant which PayPal option. VM Payment PayPal has four PayPal options: Standard, Express Checkout, Payment Pro and Hosted Pro.
Quote from: jjk on April 25, 2017, 22:51:22 PM
Quote from: Grisu74 on April 25, 2017, 22:40:51 PM
VM Payment Papal with VM 3.0.18
I meant which PayPal option. VM Payment PayPal has four PayPal options: Standard, Express Checkout, Payment Pro and Hosted Pro.
Sorry....Hosted Pro.....I have a Paypal Business account
hmm .. Hosted Pro .. a rare beast .. only US and UK I think
I never got the stock VM plugin to work on this and used a 3rd party plugin
Hello
I think I see the problem:
Quote2017-04-25 19:37:30 ERROR checkPaypalIps: Error with REMOTE IP ADDRESS = 172.68.142.126.
This is a Cloudfare IP-address and not the original Paypal server address. Someone who knows more about Cloudfare could probably explain how to deal with this.
regards
Jörgen @ Kreativ Fotografi
Just googled a little bit. Perhaps this helps: http://www.readybytes.net/blog/item/tips-to-use-cloudflare-with-ecommerce-sites.html
@jjk
Great, this looks a solution.
@Grisu74
Take a look at what jjk found and insert the valid IP-adresses from Paypal there. I still haven´t got any response from Paypal in this issue.
Valid IP from Paypal servers
https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1056 (https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1056)
regards
Jörgen @ Kreativ Fotografi
Quote
hmm .. Hosted Pro .. a rare beast .. only US and UK I think
I never got the stock VM plugin to work on this and used a 3rd party plugin
Modify message
I used the hosted pro with PayPal iframe - works a treat with stock VM