Paypal Ipn And Google Recaptcha (Addon From Ecom Labs) Stoped Working

I know this is far fetched and many will say is a server problem, but from my host they say nothing is going on and I have the following 2 issues since yesterday morning):

Paypal IPN communication stopped working, order status remains Open with the message "Accepted, awaiting ipn for processing";

Google Recaptcha does not work at all, it states that the code is incorrect or missing and does not even show any images.

Does anybody have any idea of what may be going on?

Thank you,

Tania

Do you have any new records in the server error logs?

No errors are shown on the logs, this is a complete mistery

I'm having the same problem with paypal. All orders stay on open since y-day. Captcha works OK though.

Same here with the "Open" PayPal IPN Order Statuses (and PayPal Express Checkout orders) - I did not test Google Recaptcha yet. Something to note: if the IPN is not "acting" with the cart, when you do refunds, Full Refunds will not change the order status to "Refunded" automatically and Partial Refunds will not add the refund amount/timestamp note in the "Customer notes" area of the order (if you had it setup that way).

I called PayPal earlier today and they mentioned if you can see the IPN history within PayPal, that means the IPN was sent from their side - mine all seemed ok from what I saw (they also said they did not make any recent changes to the setup). Your PayPal IPN History Link is located at (log in first):

https://www.paypal.com/ie/cgi-bin/webscr?cmd=_display-ipns-history&nav=0.3.2

Something to note: Our VPS host (GoDaddy) mentioned in a prior e-mail: "We'll be performing maintenance on your server Between Tuesday, November 06, 2018 11:30 PM and Wednesday, November 07, 2018 11:30 PM MST" After these patches were installed is when we most likely started having "Open" Order Status issues occurring with successful payments (in the orders, the payment status is stuck on: Open, when two days ago it would automatically be on: Processing - or Refunded if it was refunded). I first tried rebooting the server, then I tried to tweak the Apache ModSecurity rule settings to allow paypal through just in case, but that did not seem to do anything, assuming I added it correctly.

Any thoughts on how to get the IPN working with the cart again?

Hi.

I wanted to shed some light on this issue as I'm having it with almost any addon that makes any external API request. My addons that are affected are instagram, paypal express and authorize.net

In short, header responses are not being filtered (or properly exploded).

For example, if you look in the CS-Cart logs, you can see responses such as this Instagram call

RL: https://api.instagram.com/v1/users/self
Request: 'access_token=[REMOVED]'
Response: HTTP/2 200 content-type: application/json; charset=utf-8 x-ratelimit-limit: 200 x-ratelimit-remaining: 199 cache-control: private, no-cache, no-store, must-revalidate pragma: no-cache expires: Sat, 01 Jan 2000 00:00:00 GMT vary: Accept-Language, Cookie, Accept-Encoding content-language: en date: Fri, 09 Nov 2018 17:31:28 GMT content-length: 544 strict-transport-security: max-age=60 x-frame-options: SAMEORIGIN content-security-policy: report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd; worker-src 'self' https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests x-content-type-options: nosniff x-xss-protection: 0 set-cookie: rur=FTW; Domain=.instagram.com; HttpOnly; Path=/; Secure set-cookie: urlgen="{\"74.80.237.92\": 22241}:1gLAcy:vNlmiMiDVzsRMcxCyc9oxybBlwc"; Domain=.instagram.com; HttpOnly; Path=/; Secure set-cookie: mcd=3; Domain=.instagram.com; expires=Mon, 06-Nov-2028 17:31:28 GMT; Max-Age=315360000; Path=/; Secure set-cookie: csrftoken=chF1Oav3OqH98wVGqrwdcN3zVGIj0zYO; Domain=.instagram.com; expires=Fri, 08-Nov-2019 17:31:28 GMT; Max-Age=31449600; Path=/; Secure {"data": {"id": "1297109755", "username": [removed everything after this] 

The area starting at data { should be the only response. However, header information is coming through. I was able to modify our carts authorizenet_aim.php to match what is coming through to allow us to receive CC payments. Paypal works as well but CS-Cart is not processing them. I'm curious if this is an issuing with servers using HTTP/2

Here's a sample from Paypal as of today

Response: HTTP/2 200 server: Apache x-frame-options: SAMEORIGIN http_x_pp_az_locator: dcg12.slc paypal-debug-id: d3d7c8d424da7 cache-control: max-age=0, no-cache, no-store, must-revalidate pragma: no-cache content-type: text/html; charset=UTF-8 dc: ccg11-origin-www-2.paypal.com date: Fri, 09 Nov 2018 17:31:14 GMT content-length: 8 set-cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=LSjDzrrqJyd9BoIKkvvlBOrL5dXJEB9BqqgcuJvcex4vzQtm1nYEGe1Q40N0HNKLvPPOkuz1OGTgI_z15s6QZycBtEwNr5T6nN4v71hUGJWJkHjbE_-JYafYdQt_4uTBRTTEfLAvzr_TfGuS0vIOYoSHhe7oHdkI_4eniu4yikZLau4b1KTVtYVK_eo_Ln2h1CKqnxUbg5udRbwBdyfo4se0az6ig3tCMTZXZhrk-kA0xknXRlqm7sbQxQXkiNQL6ZflZEhi3I6YVtpf3gtAQ-ZwLPfcly1Qhu_iKaoAuPB_HDek1D_54Mb-GA-b1IpWZe2c2o61RBuELlP0WAlv3nKialisxu228CUYGiBQVt_AAsqvvqKlqH4J3hX81JSvd43IPiZGRFHnvmhggtAVJkvGy6CckCDaTW-qoG5PrpdcMUY9y5rkYa9HJOS; domain=.paypal.com; path=/; Secure; HttpOnly set-cookie: cookie_check=yes; expires=Mon, 06-Nov-2028 17:31:14 GMT; domain=.paypal.com; path=/; Secure; HttpOnly set-cookie: navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly set-cookie: navlns=0.0; expires=Sun, 08-Nov-2020 17:31:14 GMT; domain=.paypal.com; path=/; Secure; HttpOnly set-cookie: X-PP-SILOVER=name%3DLIVE5.WEB.1%26silo_version%3D880%26app%3Dappdispatcher%26TIME%3D1657070939%26HTTP_X_PP_AZ_LOCATOR%3Ddcg12.slc; Expires=Fri, 09 Nov 2018 18:01:14 GMT; domain=.paypal.com; path=/; Secure; HttpOnly set-cookie: X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT set-cookie: AKDC=ccg11-origin-www-2.paypal.com; expires=Fri, 09-Nov-2018 18:01:14 GMT; path=/; secure set-cookie: akavpau_ppsd=1541785274~id=e0971bb86be5723596ffa8a8632bdb3d; Domain=www.paypal.com; Path=/; Secure; HttpOnly strict-transport-security: max-age=63072000 VERIFIED

The only thing that should show up is verified. I have eliminated our servers as an issue as well as third party API's as the issue. It does appear to me that this issue is entirely CS-Cart based. Correct me if I'm wrong. Offer insight on how to fix as well.


Thanks!

An update; just fixed the google recaptcha by installing the addon from cart power instead of the one I had. Thanks cart Power!

PayPal problem resists to go away, even if my host (tsohost.uk) states that they have done nothing to the server, I see no other logical explanation for the IPN not coming trough.

Requested help from PayPal technical assistance, they don't see a problem.

Since we all started to have problems like this on the same day, it can't be a coincidence. Are you all on WHM / Cpanel bu any chance?

https://forum.cs-cart.com/tracker/issue-6964-some-paypal-orders-come-in-as-open-and-dont-change-to-processes/

I'm on WHM/Cpanel....any solution yet? All of my paypal express orders remain open until manually changed to processed.

Security patch with PayPal pre something???

Security patch with PayPal pre something???

It's unrelated. This started to happen some days ago without any change to our software, and it's EVERY paypal order, not just an occasional one.

It's unrelated. This started to happen some days ago without any change to our software, and it's EVERY paypal order, not just an occasional one.


Was just an info, I have uploaded the security patch and enabled Google recaptcha... is it possible that Google recaptcha is preventing paypal to pass the ipn code?

Was just an info, I have uploaded the security patch and enabled Google recaptcha... is it possible that Google recaptcha is preventing paypal to pass the ipn code?

No, it is not possible. Recaptcha is checked in certain controllers only. IPN does not use these controllers

for me problem with open orders are only in iframe mode

for me problem with open orders are only in iframe mode

But with you it happens occasionaly, right? With me and I guess the others here, since last week Thursday or so, each and every paypal order stays on open.

My guess, and I'm no expert, is that PayPal changed something on the IPN calls witch made PayPal Payments addon flawed.

On my paypal IPN history everything seems ok, no errors, the IPNs are being sent (according to paypal), the issue is that cs cart is not receiving them properly.

This is something that should be investigated by cs-cart team, i think...

In paypal ipn history you can re send IPN msg, try if this would change order status open to processed. If so then I do not think its paypal fault.

My guess, and I'm no expert, is that PayPal changed something on the IPN calls witch made PayPal Payments addon flawed.

On my paypal IPN history everything seems ok, no errors, the IPNs are being sent (according to paypal), the issue is that cs cart is not receiving them properly.

This is something that should be investigated by cs-cart team, i think...

That I tried, my PayPal IPN history area does not have that option, to resend IPM, I can only see them. I'm with PayPal Spain.

At first I thought it was because I have IPN history off within Paypal (although I can see IPN history all the same), but then cs-cart states on all nstructions that we do not need to have those configurations done on PayPal, that that's what the PayPal Payments addon is for.

I also have WHM/Cpanel (CentOS) - The issue occurred right after a forced server patch of us. My money is currently on server side, not PayPal (it would be an impeccably timed event). What sort of things could prevent the IPN notice from "communicating" to the cart fully? (and is there any "safe" data that we could provide that would help trouble-shoot the issue more to narrow it down some?) It looks like more people are realizing an issue and saying something about it... Thanks!