News:

Support the VirtueMart project and become a member

Main Menu

How do I edit notify.php to update the Paypal valid IP addresses?

Started by shoconnor, March 11, 2010, 09:12:57 AM

Previous topic - Next topic

shoconnor

Hello all,

Got the fraud message tonight. Not sure why, but vm couldn't conclude that it had a valid ip address for paypal.

I would like to hard code these addresses in but I'm not sure how to change the notify.php file to do it.

Any help would be greatly appreciated.

stinga

G'day,

I don't think they have changed. What was the message and from what IP address did it come from?
Stinga.
614869 products in 747 categories with 15749 products in 1 category.
                                             Document Complete   Fully Loaded
                Load Time First Byte Start Render   Time      Requests      Time      Requests
First View     2.470s     0.635s     1.276s          2.470s       31            2.470s      31
Repeat View  1.064s     0.561s     1.100s          1.064s       4             1.221s       4

gripped

I've beem getting this as well.

Last night and this morning.
QuoteError code 506. Possible fraud. Error with REMOTE IP ADDRESS = 216.113.188.202.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: 64.4.241.49,
66.211.169.65,
66.211.169.2,
64.4.241.33,
66.211.170.66,

216.113.188.202 is a valid address.
https://www.paypal.com/IntegrationCenter/ic_go-live.html

stinga

G'day,

My notify.php does not have a list of ip address's, it uses www.paypal.com and notify.paypal.com and turns them into an IP and then compares that, so there is no list to maintain.
Stinga.
614869 products in 747 categories with 15749 products in 1 category.
                                             Document Complete   Fully Loaded
                Load Time First Byte Start Render   Time      Requests      Time      Requests
First View     2.470s     0.635s     1.276s          2.470s       31            2.470s      31
Repeat View  1.064s     0.561s     1.100s          1.064s       4             1.221s       4

gripped

QuoteG'day,

My notify.php does not have a list of ip address's, it uses www.paypal.com and notify.paypal.com and turns them into an IP and then compares that, so there is no list to maintain.

Mine to.

But it's not working. The quote I gave is the email generated by notify.php.
The list of vailid ip's is
64.4.241.49,
66.211.169.65,
66.211.169.2,
64.4.241.33,
66.211.170.66,

Yet 216.113.188.202 does resolve to notify.paypal.com

shoconnor

Same here.

This is the message I got,

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 216.113.188.202.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: 64.4.241.33,
64.4.241.49,
66.211.169.2,
66.211.169.65,
66.211.170.66,

           
            The Order ID received was: -95_71a9b7a9921a76e6404101987365


but my notify says it uses www.paypal.com, I want to hard code the ip addy's in so VM doesn't panic and send that message anymore.

WebStuff

#6
Quote from: shoconnor on March 11, 2010, 16:32:15 PM
Same here.

This is the message I got,

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 216.113.188.202.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: 64.4.241.33,
64.4.241.49,
66.211.169.2,
66.211.169.65,
66.211.170.66,

           
            The Order ID received was: -95_71a9b7a9921a76e6404101987365


but my notify says it uses www.paypal.com, I want to hard code the ip addy's in so VM doesn't panic and send that message anymore.

Found this after a bit of a search:
Quote
In order to resolve this, I dove into the notification script at administrator/components/com_virtuemart/notify.php to see how it was determining what constituted a "fraudulent" IP address. Here's what I found:


$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );

Further down in the code, the array $paypal_iplist is looped and if $_SERVER['REMOTE_ADDR'] doesn't match, it's considered a fraudulent transaction. What I ended up doing was adding an extra line and explicitly added this new IP:

$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );
$paypal_iplist[] = '216.113.188.202';

Even though notify.paypal.com routes to this ip.

Hope this helps.

shoconnor

I searched this topic last night and did not find this.

Thank you very much, I'll add it and let everyone know what happens.

Cheers.

gripped

Nice one.

I have this now.
Quote$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );
$paypal_iplist[] = '216.113.188.202';
$paypal_iplist[] = '216.113.188.203';
$paypal_iplist[] = '216.113.188.204';

As the second two are also listed as valid on Paypals site.
https://www.paypal.com/IntegrationCenter/ic_go-live.html

stinga

G'day,

At a guess and it is only a guess, PP have added a new ip address or two and the dns servers you use are out of date.
Beware of hard coding.

More...
Yeah, paypal has done something to their dns...

mike@shark:~$ dig notify.paypal.com A

; <<>> DiG 9.6.1-P2 <<>> notify.paypal.com A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25730
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;notify.paypal.com. IN A

;; ANSWER SECTION:
notify.paypal.com. 600 IN A 66.211.170.66

;; Query time: 206 msec
;; SERVER: 192.158.202.130#53(192.158.202.130)
;; WHEN: Thu Mar 11 21:05:37 2010
;; MSG SIZE  rcvd: 51


As you can see notify.paypal.com only has 1 ip address and it should have all those others or that page is wrong at paypal.
Stinga.
614869 products in 747 categories with 15749 products in 1 category.
                                             Document Complete   Fully Loaded
                Load Time First Byte Start Render   Time      Requests      Time      Requests
First View     2.470s     0.635s     1.276s          2.470s       31            2.470s      31
Repeat View  1.064s     0.561s     1.100s          1.064s       4             1.221s       4

shoconnor

So Stinga, what does this mean?

Should I leave things as they are and not code in the ip address or should I leave things as they are AND code in the ip address?

or

Is there a better way so I don't freak out the store's owner over a bad fraud message?

I admit, I am not wise in the ways of ip addresses. Arghhhh!

amorino

Unfortunately I have the same problem which appeared yesterday late night
My customers could not download the module after paying :(
I get the following email after payment:
Quote
Object : PayPal IPN Transaction on your site: Possible fraud
**************************
Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 216.113.188.202.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: 64.4.241.49,
66.211.169.2,
66.211.169.65,
64.4.241.33,
66.211.170.66,

           
            The Order ID received was: 83_61813ff455500fecceb156196fc4f
I contacted Paypal support and they told me to contact my hoster :(
I don't know what to do please help :(
Création sites web Tunisie
http://www.idealconception.com

matteo

Same issue here: after the "PayPal IPN Transaction on your site: Possible fraud" message, the status of the orders are not updated (the first not updated order was in 2010-03-11 14:55 GMT+1).

gripped

Backup then open this file in a text editor.

/administrator/components/com_virtuemart/notify.php

Find this code

Quote// Get the list of IP addresses for www.paypal.com and notify.paypal.com
$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );

And replace it with

Quote// Get the list of IP addresses for www.paypal.com and notify.paypal.com
$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );
$paypal_iplist[] = '216.113.188.202';
$paypal_iplist[] = '216.113.188.203';
$paypal_iplist[] = '216.113.188.204';


Then save and ipns will work again.

The main reason Paypal advise against hardcoding ip's is in case they change in future.
But if their DNS can't keep up it doesn't help us merchants.

Virtuemart is not at fault here.
It is gathering the valid ip address's in the paypal recommended way.

At some point in the future it should be possible to go back to the original code.
What matters at present is that our shops work




amorino

Thank you gripped
I made these changes and I'm waiting for the next order to see if all it's OK

Best regards
Amorino
www.modules.idealconception.com
Création sites web Tunisie
http://www.idealconception.com