How do I edit notify.php to update the Paypal valid IP addresses?

[shoconnor]

Hello all,

Got the fraud message tonight. Not sure why, but vm couldn't conclude that it had a valid ip address for paypal.

I would like to hard code these addresses in but I'm not sure how to change the notify.php file to do it.

Any help would be greatly appreciated.

[stinga]

G'day,

I don't think they have changed. What was the message and from what IP address did it come from?

[gripped]

I've beem getting this as well.

Last night and this morning.

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 216.113.188.202.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: 64.4.241.49,
66.211.169.65,
66.211.169.2,
64.4.241.33,
66.211.170.66,

216.113.188.202 is a valid address.
https://www.paypal.com/IntegrationCenter/ic_go-live.html

[stinga]

G'day,

My notify.php does not have a list of ip address's, it uses www.paypal.com and notify.paypal.com and turns them into an IP and then compares that, so there is no list to maintain.

[gripped]

G'day,

My notify.php does not have a list of ip address's, it uses www.paypal.com and notify.paypal.com and turns them into an IP and then compares that, so there is no list to maintain.

Mine to.

But it's not working. The quote I gave is the email generated by notify.php.
The list of vailid ip's is
64.4.241.49,
66.211.169.65,
66.211.169.2,
64.4.241.33,
66.211.170.66,

Yet 216.113.188.202 does resolve to notify.paypal.com

[shoconnor]

Same here.

This is the message I got,

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 216.113.188.202.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: 64.4.241.33,
64.4.241.49,
66.211.169.2,
66.211.169.65,
66.211.170.66,

           
            The Order ID received was: -95_71a9b7a9921a76e6404101987365


but my notify says it uses www.paypal.com, I want to hard code the ip addy's in so VM doesn't panic and send that message anymore.

[WebStuff]

Same here.

This is the message I got,

Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 216.113.188.202.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: 64.4.241.33,
64.4.241.49,
66.211.169.2,
66.211.169.65,
66.211.170.66,

           
            The Order ID received was: -95_71a9b7a9921a76e6404101987365


but my notify says it uses www.paypal.com, I want to hard code the ip addy's in so VM doesn't panic and send that message anymore.

Found this after a bit of a search:

In order to resolve this, I dove into the notification script at administrator/components/com_virtuemart/notify.php to see how it was determining what constituted a "fraudulent" IP address. Here's what I found:

Code Select Expand


$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );

Further down in the code, the array $paypal_iplist is looped and if $_SERVER['REMOTE_ADDR'] doesn't match, it's considered a fraudulent transaction. What I ended up doing was adding an extra line and explicitly added this new IP:

Code Select Expand


$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );
$paypal_iplist[] = '216.113.188.202';


Even though notify.paypal.com routes to this ip.

Hope this helps.

[shoconnor]

I searched this topic last night and did not find this.

Thank you very much, I'll add it and let everyone know what happens.

Cheers.

[gripped]

Nice one.

I have this now.

$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );
$paypal_iplist[] = '216.113.188.202';
$paypal_iplist[] = '216.113.188.203';
$paypal_iplist[] = '216.113.188.204';

As the second two are also listed as valid on Paypals site.
https://www.paypal.com/IntegrationCenter/ic_go-live.html

[stinga]

G'day,

At a guess and it is only a guess, PP have added a new ip address or two and the dns servers you use are out of date.
Beware of hard coding.

More...
Yeah, paypal has done something to their dns...

Code Select Expand


mike@shark:~$ dig notify.paypal.com A

; <<>> DiG 9.6.1-P2 <<>> notify.paypal.com A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25730
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;notify.paypal.com. IN A

;; ANSWER SECTION:
notify.paypal.com. 600 IN A 66.211.170.66

;; Query time: 206 msec
;; SERVER: 192.158.202.130#53(192.158.202.130)
;; WHEN: Thu Mar 11 21:05:37 2010
;; MSG SIZE  rcvd: 51


As you can see notify.paypal.com only has 1 ip address and it should have all those others or that page is wrong at paypal.

[shoconnor]

So Stinga, what does this mean?

Should I leave things as they are and not code in the ip address or should I leave things as they are AND code in the ip address?

or

Is there a better way so I don't freak out the store's owner over a bad fraud message?

I admit, I am not wise in the ways of ip addresses. Arghhhh!

[amorino]

Unfortunately I have the same problem which appeared yesterday late night
My customers could not download the module after paying
I get the following email after payment:

Object : PayPal IPN Transaction on your site: Possible fraud
**************************
Error code 506. Possible fraud. Error with REMOTE IP ADDRESS = 216.113.188.202.
                        The remote address of the script posting to this notify script does not match a valid PayPal ip address

            These are the valid IP Addresses: 64.4.241.49,
66.211.169.2,
66.211.169.65,
64.4.241.33,
66.211.170.66,

           
            The Order ID received was: 83_61813ff455500fecceb156196fc4f

I contacted Paypal support and they told me to contact my hoster
I don't know what to do please help

[matteo]

Same issue here: after the "PayPal IPN Transaction on your site: Possible fraud" message, the status of the orders are not updated (the first not updated order was in 2010-03-11 14:55 GMT+1).

[gripped]

Backup then open this file in a text editor.

/administrator/components/com_virtuemart/notify.php

Find this code

// Get the list of IP addresses for www.paypal.com and notify.paypal.com
$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );

And replace it with

// Get the list of IP addresses for www.paypal.com and notify.paypal.com
$paypal_iplist = gethostbynamel('www.paypal.com');
$paypal_iplist2 = gethostbynamel('notify.paypal.com');
$paypal_iplist = array_merge( $paypal_iplist, $paypal_iplist2 );
$paypal_iplist[] = '216.113.188.202';
$paypal_iplist[] = '216.113.188.203';
$paypal_iplist[] = '216.113.188.204';

Then save and ipns will work again.

The main reason Paypal advise against hardcoding ip's is in case they change in future.
But if their DNS can't keep up it doesn't help us merchants.

Virtuemart is not at fault here.
It is gathering the valid ip address's in the paypal recommended way.

At some point in the future it should be possible to go back to the original code.
What matters at present is that our shops work

[amorino]

Thank you gripped
I made these changes and I'm waiting for the next order to see if all it's OK

Best regards
Amorino
www.modules.idealconception.com