Hey there guys, so I've spent the past 3 hours trying to figure out why PayPal IPN servers wont stick to configurable IPS.
I've checked the PayPal Live IP List, and they don't even have a 172.~ ip listed there. what are-the-ip-addresses-for-live-paypal-servers (https://www.paypal.com/ca/smarthelp/article/what-are-the-ip-addresses-for-live-paypal-servers-ts1056)
I've resent the IPN request 19 times and these are the IP's I've logged:
173.0.81.65, 172.70.34.178, 173.245.54.237, 172.68.65.232, 172.69.22.32, 172.68.132.149, 172.68.57.83
172.68.189.91, 172.69.22.86 , 172.69.63.125
This is the current code - I have added gethostbyname attempting to resolve it that way but that doesn't work to verify since the IP's change continuously there too.
Does anyone know how to verify PayPal's IPN servers and does the code below look like a good substitute?
I've checked the PayPal Live IP List, and they don't even have a 172.~ ip listed there. what are-the-ip-addresses-for-live-paypal-servers (https://www.paypal.com/ca/smarthelp/article/what-are-the-ip-addresses-for-live-paypal-servers-ts1056)
I've resent the IPN request 19 times and these are the IP's I've logged:
173.0.81.65, 172.70.34.178, 173.245.54.237, 172.68.65.232, 172.69.22.32, 172.68.132.149, 172.68.57.83
172.68.189.91, 172.69.22.86 , 172.69.63.125
This is the current code - I have added gethostbyname attempting to resolve it that way but that doesn't work to verify since the IP's change continuously there too.
PHP:
$ip = $_SERVER['REMOTE_ADDR'];
$ips = array('173.0.81.1','173.0.81.33','66.211.170.66');
$wip = gethostbyname("ipnpb.paypal.com");
$wip2 = gethostbyname("notify.paypal.com");
//echo $wip2;
if(!in_array($ip, $ips, $wip, $wip2)) {
print "Your IP has been logged.";
$hak = fopen("scammer.log", "a");
fwrite($hak, "$ip \r\n");
fclose($hak);
die(0);
}
Does anyone know how to verify PayPal's IPN servers and does the code below look like a good substitute?
Code:
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
if (!preg_match('/paypal.com$/', $hostname)) {
$ipn_status = 'Validation post isn't from PayPal';
Last edited: