October 7, 2011 at 2:01 am #4494LincolnSpectator
On Sept 29, Oct 1, and Nov 15, PayPal will be making changes to the IPN. I have copy and pasted the PayPal announcement below. My question is, do we need to make any changes to our WP eStore settings?
PayPal understands the importance of keeping our service highly available to our customers. Consequently, to improve our performance, scalability and availability we will soon be significantly expanding the number of IP addresses for our services.
During the first phase of this rollout which starts on September 29, we will begin gradually moving PayPal website (https://www.paypal.com) onto a dynamic range of IP addresses rather than the current 8 IP addresses published in the DNS (Domain Name System).
This change should be transparent to most merchants and may not require any action on your part.
ACTION REQUIRED: if you are using IPN (Instant Payment Notification) for Order Management and your IPN listener script is behind a firewall that uses ACL (Access Control List) rules which restrict outbound traffic to a limited number of IP addresses, then you may need to do one of the following:
• To continue posting back to https://www.paypal.com to perform IPN validation you will need to update your firewall ACL to allow outbound access to *any* IP address for the servers that host your IPN script
• Alternatively, you will need to modify your IPN script to post back IPNs to the newly created URL https://ipnpb.paypal.com using HTTPS (port 443) and update firewall ACL rules to allow outbound access to the ipnpb.paypal.com IP ranges (see end of message).
During the next phase of this rollout we plan to expand the range of IP addresses for the API services on the following endpoints:
We will be using the same IP addresses as listed below which are also documented in the MTS FAQ [https://ppmts.custhelp.com/app/answers/detail/a_id/92] .
ACTION REQUIRED: if you are using ACL (access control list) on your firewall to restrict outbound access to the IP addresses currently in the DNS when connecting to PayPal API endpoints, then you will need to update your firewall rules to allow outbound access to the additional IP addresses.
There’s no action required if you are using DNS (domain name system) to make API requests to PayPal and your firewall does not restrict outgoing traffic to a limited set of IP addresses.
While these changes must be made by early March, 2012, we strongly encourage merchants to make any necessary updates by November 15th 2011 as this will help minimize any potential disruptions during the holiday season.
For more information on IPN, please refer to https://www.paypal.com/ipn .
For more information on PayPal APIs, please refer to https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/howto_api_reference .
If you are not sure whether this applies to you or not, then please contact your IT personnel. If you are using a third party vendor for the integration, like a shopping cart vendor etc, then please contact the vendor.
New IP address ranges for ipnpb.paypal.com and the PayPal API endpoints:
• 188.8.131.52October 7, 2011 at 11:17 am #37373wzpModerator
The majority of eStore users, perhaps 99.5%+, are unaffected. This will only affect you, IF you are hosting your own server, behind a FIREWALL that uses Access Control List (ACL) rules.
Under ACL rules, the firewall compares requested URL connections with a list of preconfigured/associated IP addresses. If the requested URL domain doesn’t match a vetted IP address, the connection is blocked.
If you are affected, then any required changes must be made by the network administrator, to the firewall’s ACL rules.
Update: The following announcement should be helpful for this topic:September 10, 2015 at 8:51 pm #37374ShellyMember
I received an email from Paypal about IPN usage. Here’s the what I received in the email.
“PayPal is upgrading the certificate for http://www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.
This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.
You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!
Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.
Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.
Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.”
I know I enabled IPN on my Paypal account when I added the WP eStore plugin. Is there anything I need to do to keep the WP eStore working with Paypal? I have no idea what I need to change if anything.
Thanks!September 10, 2015 at 11:01 pm #37375paper macheMember
I received the same one. The link in the email goes to paypal-knowledge.com and I am concerned about clicking the link to see what they’re telling me to do. I’m also curious if this will affect WPeStore.
Thanks.September 10, 2015 at 11:15 pm #37376MMMMember
I received the same email. “PayPal is upgrading the certificate for http://www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.”
Is there a certain version of estore that we should be using to avoid any problems?September 10, 2015 at 11:25 pm #37377adminKeymaster
There is nothing you need to do or worry about as far as our plugins are concerned.
Our plugins are already upto date. So you can ignore that message.
- You must be logged in to reply to this topic.