Paypal IPN returning 406 error.

Hi! This seems to be a common problem and I know PayPal IPN is pretty badly thought out but I'm becoming quite frustrated as I have searched the forums and contacted my host already but to no avail.

The site is http://give.dogswithoutborders.org/
IPN is enabled on my verified account and the url from the plugin is http://give.dogswithoutborders.org/wp-admin/admin-ajax.php?action=wdf-ipn-return-paypal

Transactions are completing within PayPal but I am currently getting an error 406.

I am currently adding pledges manually so that our donors feel involved but this is poor use of my time and I would like the plugin to work as it's intended.

thoughts? ideas? thanks :slight_smile:

  • codebloo

    We didn't run it through testing, we just put it live. The giving site is a visual replica of our main site, except it's on a subdomain and the main function is to collect money so there was nothing to test except the plugin, and it's accepting donations correctly, but like many more have said in the past it's just not receiving the correct IPN information.

    We are in the middle of a fundraiser now so I cannot take it into sandbox mode at the moment and I'm not sure how changing the environment to dev instead of live is going to resolve a problem that exists in an otherwise functioning live environment.

    Should the IPN notify url generated by the plugin return the number 0 when you go directly to it? Is there a noted problem running the plugin on subdomains?

  • codebloo

    interesting development.

    Previously the IPN notification URL was set up for a different donation page using Gravity Forms. To integrate gravity forms and paypal you just check a box claiming that the IPN is set to http://dogswithoutborders.org/?page=gf_paypal_ipn in your account.

    It is NOT set to that, it's set to http://give.dogswithoutborders.org/wp-admin/admin-ajax.php?action=wdf-ipn-return-paypal but I received a donation through the main donation form and the IPN registered as sent... is there a way to dump your IPN cache?

  • Tyler Postle

    Hi codebloo,

    Can you check your IPN history in your PayPal account and let us know what it shows for your transactions? You can visit it via your PayPal account => My Account > History sub menu > IPN History.

    You mentioned the HTTP response code was 406? Is that still the case? It will show when you click on a transaction in your IPN history.

    Let me know what you find there :slight_smile:

    Cheers,
    Tyler

  • codebloo

    Hi Tyler,

    Yes the transactions from the fundraising plugin, with the notification URL http://give.dogswithoutborders.org/wp-admin/admin-ajax.php?action=wdf-ipn-return-paypal give me 406 (retrying)

    Transactions that come from the regular donation page (http://dogswithoutborders.org/donate/) using gravity forms work with a transaction code 200 sent.

    Paypal's IPN settings is set to http://give.dogswithoutborders.org/wp-admin/admin-ajax.php?action=wdf-ipn-return-paypal

  • Dharmendra

    Hello @codebloo,

    I hope you are well today and I'm sorry about the delay.

    Could you please re-grant the support access via the WPMU DEV dashboard > support > support access and click "Grant Access". So that I can take a closer look on it?

    It would be great if you go through
    https://developer.paypal.com/webapps/developer/docs/classic/ipn/integration-guide/IPNOperations/
    And let me know the "IPN message" to check this issue further.

    Thanks for your patience!

    Take care!

  • codebloo

    Hl, I have re-granted access, thanks.

    Here's a sample IPN Message.

    transaction_subject=142||00c984eef240||0||0||0||0||0||0||0&payment_date=21:30:16 Jun 07, 2014 PDT&txn_type=web_accept&last_name=Lee&receipt_id=0639-0068-9020-6689&residence_country=US&item_name=Help Jason survive dog attack.&payment_gross=100.00&mc_currency=USD&business=info@dogswithoutborders.org&payment_type=instant&protection_eligibility=Ineligible&verify_sign=AnJwKGe0okcVcMLs-MjjdkdswQJyAqg.4M5vm08X2iIk.p2ZpXgJFySp&payer_status=unverified&tax=0.00&payer_email=slee2207@gmail.com&txn_id=6G739655F7452845F&quantity=0&receiver_email=galit@dogswithoutborders.org&first_name=Seong eun&payer_id=APRVPXGAQJSAJ&receiver_id=UGAHDTEZK9BM8&item_number=00c984eef240&payment_status=Completed&payment_fee=2.50&mc_fee=2.50&mc_gross=100.00&custom=142||00c984eef240||0||0||0||0||0||0||0&charset=windows-1252&notify_version=3.8&ipn_track_id=a1896414d8b96

  • Dharmendra

    Hello @codebloo,

    I hope you are well today! And thanks for posting back and sharing the information.

    I checked the plugin settings and it seems perfect.

    It seems that something is blocking PayPal IPN to reach at your site.

    Could you please contact your web hosting to find out if they are blocking PayPal IPN (maybe they have a firewall which is doing it). I think they will need to whitelist the PayPal IPN (ipnpb.paypal.com) IP addressed as mentioned here https://ppmts.custhelp.com/app/answers/detail/a_id/92

    Here is a similar thread for your reference:
    https://premium.wpmudev.org/forums/topic/paypal-instant-payment-notification-warning-email

    I hope that helps. Please feel free to ask if you have more questions on the same.

    Take care!

  • Dharmendra

    Hello Codebloo,

    I hope you are doing well and thanks for posting back and keeping us updated :slight_smile:

    Sorry to hear that the issue is still not resolved for you. Could you please send me the server logs for http://give.dogswithoutborders.org/ so that we can dig it further and reach at the root cause behind this issue.

    If in case you are not familiar with the server logs, then you can ask your host to provide the same.

    Thanks for your patience!

    Take care!

  • codebloo

    I've been talkign to Green Geeks support and still no luck. I asked about Server Logs this is what they have said/done (below). I tried another donation after this message and still get the same error/reply.

    Is there some other mod_security or php config stuff that I can pass on?

    "I have just checked apache error logs and found the following mod_security rule which was blocked access to your wp-admin path:

    [Tue Jun 10 22:48:57.753647 2014] [:error] [pid 914031] [client 173.0.81.1] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_ua.conf"] [line "87"] [id "900177"] [msg "Brute Force Attempt HTTP 1.0 w/o Accept Header"] [hostname "give.dogswithoutborders.org"] [uri "/wp-admin/admin-ajax.php"] [unique_id "U5fRqUE8IzIADfJvXygAAAAm"]
    [Tue Jun 10 22:49:17.323465 2014] [:error] [pid 912906] [client 173.0.81.1] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_ua.conf"] [line "87"] [id "900177"] [msg "Brute Force Attempt HTTP 1.0 w/o Accept Header"] [hostname "give.dogswithoutborders.org"] [uri "/wp-admin/admin-ajax.php"] [unique_id "U5fRvUE8IzIADe4KI5QAAAAG"]
    [Tue Jun 10 22:49:47.597512 2014] [:error] [pid 908851] [client 66.211.170.66] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_ua.conf"] [line "87"] [id "900177"] [msg "Brute Force Attempt HTTP 1.0 w/o Accept Header"] [hostname "give.dogswithoutborders.org"] [uri "/wp-admin/admin-ajax.php"] [unique_id "U5fR20E8IzIADd4zMZ8AAAAH"]
    [Tue Jun 10 22:49:57.445148 2014] [:error] [pid 915686] [client 66.211.170.66] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_ua.conf"] [line "87"] [id "900177"] [msg "Brute Force Attempt HTTP 1.0 w/o Accept Header"] [hostname "give.dogswithoutborders.org"] [uri "/wp-admin/admin-ajax.php"] [unique_id "U5fR5UE8IzIADfjmp@4AAAAM"]
    [Tue Jun 10 22:51:24.884729 2014] [:error] [pid 919993] [client 173.0.81.1] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_ua.conf"] [line "87"] [id "900177"] [msg "Brute Force Attempt HTTP 1.0 w/o Accept Header"] [hostname "give.dogswithoutborders.org"] [uri "/wp-admin/admin-ajax.php"] [unique_id "U5fSPEE8IzIADgm5eiYAAABh"]
    [Tue Jun 10 22:54:04.578562 2014] [:error] [pid 919992] [client 66.211.170.66] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_ua.conf"] [line "87"] [id "900177"] [msg "Brute Force Attempt HTTP 1.0 w/o Accept Header"] [hostname "give.dogswithoutborders.org"] [uri "/wp-admin/admin-ajax.php"] [unique_id "U5fS3EE8IzIADgm40egAAABg"]
    [Tue Jun 10 22:55:07.710844 2014] [:error] [pid 928321] [client 173.0.81.1] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_ua.conf"] [line "87"] [id "900177"] [msg "Brute Force Attempt HTTP 1.0 w/o Accept Header"] [hostname "give.dogswithoutborders.org"] [uri "/wp-admin/admin-ajax.php"] [unique_id "U5fTG0E8IzIADipBsR4AAAAm"]
    [Tue Jun 10 22:59:13.338835 2014] [:error] [pid 936818] [client 173.0.81.1] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_ua.conf"] [line "87"] [id "900177"] [msg "Brute Force Attempt HTTP 1.0 w/o Accept Header"] [hostname "give.dogswithoutborders.org"] [uri "/wp-admin/admin-ajax.php"] [unique_id "U5fUEUE8IzIADktyhu0AAABB"]
    [Tue Jun 10 22:59:38.209371 2014] [:error] [pid 940360] [client 173.0.81.1] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_ua.conf"] [line "87"] [id "900177"] [msg "Brute Force Attempt HTTP 1.0 w/o Accept Header"] [hostname "give.dogswithoutborders.org"] [uri "/wp-admin/admin-ajax.php"] [unique_id "U5fUKkE8IzIADllIwvEAAAAI"]
    [Tue Jun 10 23:05:47.286144 2014] [:error] [pid 952554] [client 173.0.81.1] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_ua.conf"] [line "87"] [id "900177"] [msg "Brute Force Attempt HTTP 1.0 w/o Accept Header"] [hostname "give.dogswithoutborders.org"] [uri "/wp-admin/admin-ajax.php"] [unique_id "U5fVm0E8IzIADojq7qsAAAAn"]

    This rule 900177 was disabled.
    Do you have some php configuration information for this donation feature?"

  • Saurabh

    Hi @codebloo,

    This just seems like a problem with your server not allowing callbacks to wp-admin/admin-ajax.php. This used to be a way to enhance security. The other form works because it is on the frontend and doesn't contain wp-admin in the url.

    We cannot test this by calling the url directly. It will produce a plain zero without doing anything unless called by paypal in a particular manner.

    Could you please check with your server guys again and check the server error log, again?

    The payment happens fine and the data is returned properly. It's just that the IPN url is not accessible to PayPal.

    Best

    Saurabh

  • codebloo

    Thank you very much! I will pass this on. My most recent exchange with hosting support indicated that they have ZERO IDEA wtf I am talking about as they said "I get redirected to paypal properly" but didn't mention the return or IPN at all. GREAT.

    UGH THATS NOT THE PROBLEM AS@!#$%#^$&$^&!

    So, hopefully after your most recent message they will be able to resolve it. I will let you know. thank you!

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.