"Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 66.211.170.66."

Started by carsten888, February 21, 2011, 20:48:06 PM

Previous topic - Next topic

carsten888

I think I read about all thrreads on this forum about this email message:

QuoteError code 506. Possible fraud. Error with REMOTE IP ADDRESS = 66.211.170.66.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses:
           
            The Order ID received was: 3297_cb6bb5e4b089e53f5a177feff09

So what I understood from all other threads abotu this on this forum, is that paypal is using a new payment server. The IP adress of the paypal servers is hard-coded in the notify.php. I checked my version and it was not there. So I took the advice and updated to the latest version 1.1.7. All seemed well, but to my great surprose I got another one of these emails today.

I checked the code in notify.php, that IP really is in there.

$paypal_iplist3 = array( '216.113.188.202' , '216.113.188.203' , '216.113.188.204' , '66.211.170.66' );

But somehow maybe none of the ip's is read, as in the email there is no list of the correct ip's. See "These are the valid IP Addresses: " (and the empty lines under that).


zanardi

"Valid IP addresses" is a value that PayPal gives you back, it's not read from notify.php. If it were that way, i could put any address as "valid" in my notify.php.
Of course i cannot be sure, but I guess it may be a temporary issue with PayPal, or a wrong configuration of your PayPal account, even more because i never heard of such error before (i personally maintain many sites which pay with PayPal (Legacy)).
Did you make any hack to Virtuemart original code? Since when did you experience such error?
--
Francesco (zanardi)
http://extensions.gibilogic.com
@gibilogic on Twitter

carsten888

Quoteit's not read from notify.php. If it were that way, i could put any address as "valid" in my notify.php.
But you can. In notify is an array one could just add ip's. Weird thing is that this specific IP is in there, and most payments go without problems, and then once in a while there is that message again. Then I check in the paypal backend and payment was properly made.

Quoteor a wrong configuration of your PayPal account
I don't think so, because this happens only sometimes. By far most payments work fine.

Quoteeven more because i never heard of such error before
realy? search this forum.

QuoteDid you make any hack to Virtuemart original code?
Only this one https://forum.virtuemart.net/index.php?topic=82131.msg270722#msg270722
but i doubt that has anything to do with it.

QuoteSince when did you experience such error?
All this started about 2 weeks ago.

zanardi

Quote from: carsten888 on February 22, 2011, 09:05:53 AMBut you can. In notify is an array one could just add ip's.

Of course you can add an IP address to the array, but that does not make it VALID. That list is been set according to PayPal specifications and that address has been added because it is a valid PayPal IP payment server.

Quoterealy? search this forum.

I am sorry, but since it's you who has the problem and it's me who is helping, could you please avoid me the search and give me some links? Thank you.

QuoteOnly this one https://forum.virtuemart.net/index.php?topic=82131.msg270722#msg270722
but i doubt that has anything to do with it.

I agree, i don't think it has anything to do with it.

QuoteAll this started about 2 weeks ago.

Did you change anything on your site about 2 weeks ago? If not, then it has be an issue with PayPal site... but in that case i know about it as much as you (maybe less).
--
Francesco (zanardi)
http://extensions.gibilogic.com
@gibilogic on Twitter

carsten888

well, here is one of the pieces of the puzzle solved.
In the email it says:
"These are the valid IP Addresses: "
Without any ip's. This is because there are no ip's added to the string in the email.

notify.php
line 232
if( !$valid_ip ) {
change to:
if( !$valid_ip ) {
$ips = "";
$br = '
';
foreach($paypal_iplist as $iplist_item){
$ips .= $br.$iplist_item;
}

carsten888

I think what is generating the error when the ip is valid, might be



       $paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
       $paypal_iplist3 = array( '216.113.188.202' , '216.113.188.203' , '216.113.188.204' , '66.211.170.66' );
       $paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2, $paypal_iplist3 );



If any of the first 2 gethostbynamel's is not available, their value will not be an array. When array_merge with one of them not being an array, there is an error and the array goes kaput. If the the ip is validated against the array (which is broken) it will not validate, even thou the ip is valid.

To fix this the 2 gethostbynamel's must first be checked to be an array, and only then, their values should be added to the array. So if any of them comes back with nothing, it does not crash the array.

zanardi

@carsten888:
that is a good piece of debug. I will surely include an array check to avoid the random error. Thank you!
--
Francesco (zanardi)
http://extensions.gibilogic.com
@gibilogic on Twitter

AH

anardi

Runin 1.1.8 but cannot see the arrya check?  Has this been done??
Regards
A

Joomla 4.4.5
php 8.1