PayPal IPN Transaction Warning on your site: Could not resolve paypal hostname

[behemoth]

I'm sorry if this has been brought up before. I've done a lot of searching recently, but not found my specific issue.

Until recently we've been getting a number of "PayPal IPN Transaction on your site: Possible fraud" emails but with no IP address in them. Upon checking, the payments have been recieved and I've been able to manually confirm the orders, but it's a pain.

I've since upgraded both VM and the AIO, and that seems to have addressed the fraud issue, and instead we're getting an occasional hostname resolution issue:

One of the PayPal hostname could not be resolved
www.paypal.com

I turned on the logging and monitored it. It appears (and bear with me because my PHP is pretty basic) that the following code in paypal.php:

Code Select Expand


gethostbynamel('www.paypal.com');


is occasionally not returning a valid array of IP addresses. It looks like the response from the payment is coming from notify.paypal.com, so the order is confirming, but it's still generating the warning email.

I suspect this is what has caused both problems, but why? This has only started recently (in the last month), and I want to make sure there aren't any problems on the horizon. Can anybody point me in the right direction to investigate, or let me know if it's a known transient issue that won't ever cause problems. I don't want to become complacent about warning emails, so 'ignore it' isn't really the answer I'm looking for.

J2.5.11
VM2.0.24 (first identified under 2.0.20b)

[alatak]

Hello
Yes we do have the problem also.
It is a recent problem which coincide with the 2.0.24.
But that code has not specially changed.
At the moment i do not know why

VM2.0.24 (first identified under 2.0.20b)

hum you found this problem also with the   2.0.20b?

[alatak]

Hello
JJk showed me that info:
PayPal might have changed some ip numbers recently. See here (The list seems to have been updated 4 days ago):
https://ppmts.custhelp.com/app/answers/detail/a_id/92

[Jörgen]

Hello Alatak

I have made some additions to the notify.php to comply with the updates of IP adresses made by PayPal. The changes are published in this thread.
http://forum.virtuemart.net/index.php?topic=115375.msg406664#msg406664

I hope that this may help others

regards

Jörgen @ Kreativ Fotografi

[behemoth]

hum you found this problem also with the   2.0.20b?
[/quote]
Well, under 2.0.20b we were getting the fraud emails:

PayPal IPN Transaction on your site: Possible fraud
Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 173.0.81.1.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: The Order ID received was: XXXXXXXX


I stepped through the code as best I could and surmised that gethostbynamel() was occasionally failing and it was causing the email to fire. I could be wrong though.

[Jörgen]

Hello behemoth

This IP is white listed by paypal so there should be no error but the white list in VM is outdated. I have made changes for the VM 1.1.x version (notify.php) and almost the same changes should be made to the paypal.php for the 2.x version. Valerie will soon release an updated paypal.php with the new white list for the VM 2.x.

Jörgen @ Kreativ Fotografi

[behemoth]

Hi Jörgen,

I thought it might be whitelisted, that's why I thought the error was a bit of a red herring. I think since gethostbynamel() didn't return an array when it polled for the IP address of www.paypal.com (not the notify address), the script was unable to build an array of valid IP addresses and it went into the 'send a fraud email' bit. By all means, ignore my suggestion that 2.2.20b is an issue. That's why I upgraded anyway.

[behemoth]

Received another of these last night, and I don't think it's an IP address issue. I've not made any changes since I started this thread (they're live sites, so it's going to require testing before I think about it).

Last night's order didn't get marked as confirmed in VM. Fortunately I recently enabled logging. The log contains the following:

Code Select Expand


2013-10-16 20:15:55
message: checkPaypalIps: 173.0.81.1,173.0.81.33,216.113.188.202,216.113.188.203,216.113.188.204,66.211.170.66 server is:173.0.81.1

2013-10-16 20:15:55
message: checkPaypalIps:  OK

2013-10-16 20:15:55
message: _processIPN fsockopen FALSE

2013-10-16 20:15:55
message: _processIPN valid_ipn:

2013-10-16 20:15:55
message: paypal_data _processIPN FALSE

The fact that the checked IP address (173.0.81.1) is in the list of IP addresses suggests it's a different issue. This IP address doesn't appear to have failed a check. As I suggested earlier, I think gethostbynamel('www.paypal.com'); is intermittently failing, perhaps because the IP address changes from time to time. This then causes problems in generating the IP address list, rather than generating a smaller list.

If that is the case, the script should still be able to check against the whitelist and confirm the order, rather than automatically generating the error and leaving a genuine paid order in pending. Only if the IP address doesn't match the list should it be flagged as a problem.

Tell me to shut up if I've got it wrong. I'm just trying to help and this is quite a frustrating issue.

[behemoth]

Hi All,

Any updates on this issue? Still causing problems here...

[behemoth]

Still no update? Is there anything I can do to help speed things up? This is a real problem for us. We've got paid orders that aren't being confirmed. I found one today that's two weeks old!

[Jörgen]

Hello behemoth

I can try to make the neccesary changes in the 2.0 version of the files, but I need someone who can test that it works. The corrections should not be very difficult to make. I will be back with an updated paypal file.

Jörgen @ Kreativ Fotografi

[GJC Web Design]

If Im reading this right

2013-10-16 20:15:55
message: checkPaypalIps: 173.0.81.1,173.0.81.33,216.113.188.202,216.113.188.203,216.113.188.204,66.211.170.66 server is:173.0.81.1

2013-10-16 20:15:55
message: checkPaypalIps:  OK

2013-10-16 20:15:55
message: _processIPN fsockopen FALSE

2013-10-16 20:15:55
message: _processIPN valid_ipn:

2013-10-16 20:15:55
message: paypal_data _processIPN FALSE

the Paypal ips are checked fine

then the script sends a notify back to the paypal server from whence it came

/*
       * Before we can trust the contents of the message, we must first verify that the message came from PayPal.
       * To verify the message, we must send back the contents in the exact order they
       * were received and precede it with the command _notify-validate,
       */

it tries to open a socket by fsockopen

$fps = fsockopen($protocol . $paypal_url, $port, $errno, $errstr, 30);

this bit is failing

2013-10-16 20:15:55
message: _processIPN fsockopen FALSE

it should have sent you an email with the eror string and number

Code Select Expand

if (!$fps) {
$this->sendEmailToVendorAndAdmins("error with PayPal", JText::sprintf('VMPAYMENT_PAYPAL_ERROR_POSTING_IPN', $errstr, $errno)."/n".$post_msg);
$this->logInfo('_processIPN fsockopen FALSE', 'message');
}

perhaps your host has some logs as to why your fsockopen is failing..

[behemoth]

Hi GJC,

Thanks for responding. I didn't really understand your suggestion so I went back to our hosts, but the log is over a month old so they've asked for more up to date examples or entries in the error_log and neither look quite the same now.

Your analysis of the log seems sound, but the code on lines 792-804 of paypal.php:

Code Select Expand


if (!is_array($paypal_iplist1) or !is_array($paypal_iplist2)) {
$mail_subject = "PayPal IPN Transaction Warning on your site: Could not resolve paypal hostname";
$mail_body = " One of the PayPal hostname could not be resolved \n";
if (!is_array($paypal_iplist1)) {
$paypal_iplist1 = array();
$mail_body .= " www.paypal.com \n";
}
if (!is_array($paypal_iplist2)) {
$paypal_iplist2 = array();
$mail_body .= " notify.paypal.com \n";
}
$this->sendEmailToVendorAndAdmins($mail_subject, $mail_body);
}


Suggests to me that the contents of the warning email I receive are determined during the checkPaypalIps phase. My speculation is that while the response is returned from a valid IP (presumably notify.paypal.com), one of the other checked URLs is failing (I think this would be www.paypal.com). This causes $paypal_iplist1 to not be an array (I expect it's an error instead), which in turn causes the email to be sent. The transaction in this case was successful, the response was received, and the order set to confirmed without any interference on my part. My concern is that I don't want to receive warnings and errors I'm expected to ignore.

[behemoth]

Ah,

I've found an archive of emails generated by:

Code Select Expand


if (!$fps) {
$this->sendEmailToVendorAndAdmins("error with PayPal", JText::sprintf('VMPAYMENT_PAYPAL_ERROR_POSTING_IPN', $errstr, $errno)."/n".$post_msg);
$this->logInfo('_processIPN fsockopen FALSE', 'message');
}


The content of which simply states:

Error while posting IPN: php_network_getaddresses: getaddrinfo failed: Name or service not known,  0

I don't see any of these since the end of October though.

[GJC Web Design]

Hi,

if the check
if (!$this->checkPaypalIps($paypal_data['ipn_test'], $paypal_data['invoice'], $method)) {
         $this->logInfo('_processIPN checkPaypalIps FALSE', 'message');
         return FALSE;
      }

which is the function from line 780 fails you will get the "PayPal IPN Transaction Warning on your site: Could not resolve paypal hostname" email.
but function _processIPN() will then stop with a False and you'll never reach the if (!$fps)

To me it looks like server connectivity problems if your getting multiple different failures...

If the code was faulty the forum would be swamped in complaints.. the common denominator is your server...

Error while posting IPN: php_network_getaddresses: getaddrinfo failed: Name or service not known,  0 means your server couldn't resolve the ip address of www.paypal.com

This could be DNS related on your server - who is your host?

Cheers