Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 66.211.170.66

[samlf3rd]

I keep getting these emails from my estores (J 2.5.9 & VM 2.0.20b):

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 66.211.170.66.
The remote address of the script posting to this notify script does not match a valid PayPal ip address

These are the valid IP Addresses: The Order ID received was: 329767em

Is PayPal changing their IP's? Anybody else?

In my PayPal plugin file I have this:

Code Select Expand

function checkPaypalIps ($test_ipn, $order_number, $method) {

// Get the list of IP addresses for www.paypal.com and notify.paypal.com
if ($method->sandbox) {
$paypal_iplist = gethostbynamel ('ipn.sandbox.paypal.com');
$paypal_iplist = (array)$paypal_iplist;
} else {
$paypal_iplist1 = gethostbynamel ('www.paypal.com');
$paypal_iplist2 = gethostbynamel ('notify.paypal.com');
$paypal_iplist3 = array( '216.113.188.202' , '216.113.188.203' , '216.113.188.204' , '66.211.170.66' );
            $paypal_iplist = array_merge( $paypal_iplist1, $paypal_iplist2, $paypal_iplist3 );
}
$this->logInfo ('checkPaypalIps: ' . implode (",", $paypal_iplist) . " server is:" . $_SERVER['REMOTE_ADDR'], 'message');
$hostname = $this->_getPaypalUrl ($method);
//  test if the remote IP connected here is a valid IP address
if (!in_array ($_SERVER['REMOTE_ADDR'], $paypal_iplist)) {
$mail_subject = "PayPal IPN Transaction on your site: Possible fraud";
$mail_body = "Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = " . $_SERVER['REMOTE_ADDR'] . ".
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address\n
            These are the valid IP Addresses: " . implode (",", $paypal_iplist) .
"The Order ID received was: " . $order_number;
$this->sendEmailToVendorAndAdmins ($mail_subject, $mail_body);
return FALSE;
}
/*

Also, I even got this return in an email this morning too:

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 173.0.81.1.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: The Order ID received was: 49e30378

I don't know where the 173.0.81.1 is coming from? It isn't in the plugin file?

Sam

[alatak]

Hello

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 66.211.170.66.
The remote address of the script posting to this notify script does not match a valid PayPal ip address

These are the valid IP Addresses: The Order ID received was: 329767em

Strange : the list  of the valid IP adresses is empty. That is the reason why you are getting this email.

Looks like one of the gethostbynamel() function returned false because one of the hostname  could not be resolved. I wonder which one and why...'www.paypal.com' or 'notify.paypal.com' ?

Code Select Expand

$paypal_iplist1 = gethostbynamel ('www.paypal.com');
$paypal_iplist2 = gethostbynamel ('notify.paypal.com');
So the

Code Select Expand

$paypal_iplist = array_merge( $paypal_iplist1, $paypal_iplist2, $paypal_iplist3 );
and this list  paypal_iplist  is then false.

Please do this
after those lines

Code Select Expand

$paypal_iplist1 = gethostbynamel ('www.paypal.com');
$paypal_iplist2 = gethostbynamel ('notify.paypal.com');
add this code

Code Select Expand


if (!is_array($paypal_iplist1) or !is_array($paypal_iplist2)) {
                $mail_subject = "PayPal IPN Transaction Warning on your site: Could not resolve paypal hostname";
                $mail_body = " One of the PayPal hostname could not be resolved \n";
                if (!is_array($paypal_iplist1)) {
                    $paypal_iplist1 = array();
                    $mail_body .= " www.paypal.com \n";
                }
                if (!is_array($paypal_iplist2)) {
                    $paypal_iplist2 = array();
                    $mail_body .= " notify.paypal.com \n";
                }
                $this->sendEmailToVendorAndAdmins($mail_subject, $mail_body);
            }


You will receive an email telling which hostname could not be reolved. But you will not get anylonger the email with " Error code 506. Possible fraud."
I am fixing the Paypal code.

[samlf3rd]

So what you are saying is that my new code should look like this (or do I remove the other "if" statement?

Code Select Expand

function checkPaypalIps ($test_ipn, $order_number, $method) {

// Get the list of IP addresses for www.paypal.com and notify.paypal.com
if ($method->sandbox) {
$paypal_iplist = gethostbynamel ('ipn.sandbox.paypal.com');
$paypal_iplist = (array)$paypal_iplist;
} else {
$paypal_iplist1 = gethostbynamel ('www.paypal.com');
$paypal_iplist2 = gethostbynamel ('notify.paypal.com');
}

//New Code???
if (!is_array($paypal_iplist1) or !is_array($paypal_iplist2)) {
                $mail_subject = "PayPal IPN Transaction Warning on your site: Could not resolve paypal hostname";
                $mail_body = " One of the PayPal hostname could not be resolved \n";
                if (!is_array($paypal_iplist1)) {
                    $paypal_iplist1 = array();
                    $mail_body .= " www.paypal.com \n";
                }
                if (!is_array($paypal_iplist2)) {
                    $paypal_iplist2 = array();
                    $mail_body .= " notify.paypal.com \n";
                }
                $this->sendEmailToVendorAndAdmins($mail_subject, $mail_body);
            }

But what about this part?

Code Select Expand

$paypal_iplist3 = array( '216.113.188.202' , '216.113.188.203' , '216.113.188.204' , '66.211.170.66' );
            $paypal_iplist = array_merge( $paypal_iplist1, $paypal_iplist2, $paypal_iplist3 );
}
$this->logInfo ('checkPaypalIps: ' . implode (",", $paypal_iplist) . " server is:" . $_SERVER['REMOTE_ADDR'], 'message');
$hostname = $this->_getPaypalUrl ($method);

Or should i do this:

Code Select Expand

function checkPaypalIps ($test_ipn, $order_number, $method) {

// Get the list of IP addresses for www.paypal.com and notify.paypal.com
if ($method->sandbox) {
$paypal_iplist = gethostbynamel ('ipn.sandbox.paypal.com');
$paypal_iplist = (array)$paypal_iplist;
} else {
$paypal_iplist1 = gethostbynamel ('www.paypal.com');
$paypal_iplist2 = gethostbynamel ('notify.paypal.com');
$paypal_iplist3 = array( '216.113.188.202' , '216.113.188.203' , '216.113.188.204' , '66.211.170.66' );
            $paypal_iplist = array_merge( $paypal_iplist1, $paypal_iplist2, $paypal_iplist3 );
}
$this->logInfo ('checkPaypalIps: ' . implode (",", $paypal_iplist) . " server is:" . $_SERVER['REMOTE_ADDR'], 'message');
$hostname = $this->_getPaypalUrl ($method);
//  test if the remote IP connected here is a valid IP address

      //your code
                if (!is_array($paypal_iplist1) or !is_array($paypal_iplist2)) {
                $mail_subject = "PayPal IPN Transaction Warning on your site: Could not resolve paypal hostname";
                $mail_body = " One of the PayPal hostname could not be resolved \n";
                if (!is_array($paypal_iplist1)) {
                    $paypal_iplist1 = array();
                    $mail_body .= " www.paypal.com \n";
                }
                if (!is_array($paypal_iplist2)) {
                    $paypal_iplist2 = array();
                    $mail_body .= " notify.paypal.com \n";
                }
                $this->sendEmailToVendorAndAdmins($mail_subject, $mail_body);
            }
}

[Yeoer]

(J 2.5.9 & VM 2.0.18a):

Same for me,  started yesterday. It has been working perfectly until yesterday afternoon.

Slightly different message:
______________________________________________________________________________________________
Subject: PayPal IPN Transaction on your site: Possible fraud

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 10.44.161.150.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: 23.34.82.234,173.0.81.1,173.0.81.33The Order ID received was: 200200

[samlf3rd]

(J 2.5.9 & VM 2.0.18a):

Same for me,  started yesterday. It has been working perfectly until yesterday afternoon.

Slightly different message:
______________________________________________________________________________________________
Subject: PayPal IPN Transaction on your site: Possible fraud

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 10.44.161.150.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: 23.34.82.234,173.0.81.1,173.0.81.33The Order ID received was: 200200

That's what I am saying. All my eStores are doing it. I could see one, but why all of them? Something had to of changed at PayPal-no?

[alatak]

hello

@ samlf3rd

the function should is the following

Code Select Expand

function checkPaypalIps ($test_ipn, $order_number, $method)
{

// Get the list of IP addresses for www.paypal.com and notify.paypal.com
if ($method->sandbox) {
$paypal_iplist = gethostbynamel('ipn.sandbox.paypal.com');
$paypal_iplist = (array)$paypal_iplist;
} else {
$paypal_iplist1 = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist3 = array('216.113.188.202', '216.113.188.203', '216.113.188.204', '66.211.170.66');
if (!is_array($paypal_iplist1) or !is_array($paypal_iplist2)) {
$mail_subject = "PayPal IPN Transaction Warning on your site: Could not resolve paypal hostname";
$mail_body = " One of the PayPal hostname could not be resolved \n";
if (!is_array($paypal_iplist1)) {
$paypal_iplist1 = array();
$mail_body .= " www.paypal.com \n";
}
if (!is_array($paypal_iplist2)) {
$paypal_iplist2 = array();
$mail_body .= " notify.paypal.com \n";
}
$this->sendEmailToVendorAndAdmins($mail_subject, $mail_body);
}

$paypal_iplist = array_merge($paypal_iplist1, $paypal_iplist2, $paypal_iplist3);
}
$this->logInfo('checkPaypalIps: ' . implode(",", $paypal_iplist) . " server is:" . $_SERVER['REMOTE_ADDR'], 'message');
$hostname = $this->_getPaypalUrl($method);
//  test if the remote IP connected here is a valid IP address
if (!in_array($_SERVER['REMOTE_ADDR'], $paypal_iplist)) {
$mail_subject = "PayPal IPN Transaction on your site: Possible fraud";
$mail_body = "Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = " . $_SERVER['REMOTE_ADDR'] . ".
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address\n
            These are the valid IP Addresses: " . implode(",", $paypal_iplist) .
"The Order ID received was: " . $order_number;
$this->sendEmailToVendorAndAdmins($mail_subject, $mail_body);
return FALSE;
}
/*
if (!($method->sandbox && $test_ipn == 1)) {
$res = "FAILED";
$mailsubject = "PayPal Sandbox Transaction";
$mailbody = "Hello,
A fatal error occurred while processing a paypal transaction.
----------------------------------
Hostname: $hostname
URI:" . $_SERVER["REMOTE_ADDR"] .
" A Paypal transaction was made using the sandbox without your site in Paypal-Debug-Mode";
//vmMail($mosConfig_mailfrom, $mosConfig_fromname, $debug_email_address, $mailsubject, $mailbody );
$this->sendEmailToVendorAndAdmins ($mailsubject, $mailbody);
return FALSE;
}
*/
$this->logInfo('checkPaypalIps:  OK', 'message');

return TRUE;
}

Quote from: Yeoer on Today at 17:02:41
(J 2.5.9 & VM 2.0.18a):

Same for me,  started yesterday. It has been working perfectly until yesterday afternoon.

Slightly different message:
______________________________________________________________________________________________
Subject: PayPal IPN Transaction on your site: Possible fraud

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 10.44.161.150.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: 23.34.82.234,173.0.81.1,173.0.81.33The Order ID received was: 200200

humm.. i don't know.

The paypal valid addresses are listed here https://ppmts.custhelp.com/app/answers/detail/a_id/92

This IP 10.44.161.150 is from akamaitechnologies.com which is a cache server company

[samlf3rd]

(J 2.5.9 & VM 2.0.18a):

Same for me,  started yesterday. It has been working perfectly until yesterday afternoon.

Slightly different message:
______________________________________________________________________________________________
Subject: PayPal IPN Transaction on your site: Possible fraud

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 10.44.161.150.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: 23.34.82.234,173.0.81.1,173.0.81.33The Order ID received was: 200200

What are your server/domain stats? I am on a GoDaddy Virtual Private Server running Plesk. I am not getting any more of these, so I think it may of been a glitch in either PayPal's end, Godaddy, or my Plesk. But if it happened to you too at the same time-different servers, plus I have multiple eStores then either our host company or PayPal.

Have you received any more?

[alatak]

Hello

Have you received any more?

Yes i would like also to understand what happened