The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PayPal Instant Payment Notification Warning

Discussion in 'Security' started by anniesteephan, Mar 16, 2015.

  1. anniesteephan

    anniesteephan Member

    Joined:
    Oct 31, 2012
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    I am getting following mail from paypal.

    Code:
    Please check your server that handles PayPal Instant Payment Notifications (IPN). Instant Payment Notifications sent to the following URL(s) are failing:
    
    http://billing.xx.com/plugins/gateways/paypal/callback.php
    
    If you do not recognize this URL, you may be using a service provider that is using IPN on your behalf. Please contact your service provider with the above information. If this problem continues, IPNs may be disabled for your account.
    
    Thank you for your prompt attention to this issue.
    
    Thanks,
    PayPal
    
    We are using latest version of clientexec.

    Recently i have installed modsecurity in whm.

    Here is the modsecurity log

    Code:
    Message: Rule processing failed.
    Message: Access denied with redirection to http://billing.xx.com/ using status 302 (phase 2). Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "299"] [id "960015"] [rev "3"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: billing.xx.com"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
    Action: Intercepted (phase 2)
    Stopwatch: 1425287937186573 77823 (- - -)
    Stopwatch2: 1425287937186573 77823; combined=399, p1=83, p2=181, p3=0, p4=0, p5=98, sr=34, sw=37, l=0, gc=0
    Producer: ModSecurity for Apache/2.8.0 (http://www.modsecurity.org/); OWASP_CRS/3.0.0.
    Server: Apache
    Engine-Mode: "ENABLED"
    
    callback.php is attached with this.

    Is this related to modsecurity, if so, how can I fix it ?

    Please help me to resolve this issue.

    Thanks,

    Annie
     

    Attached Files:

  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,476
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Home » Security Center » ModSecurity™ Tools » Hits List

    In top search tool there, type this: 960015
    In results, click the "Rule ID" to right side.
    Untick, "Enable Rule"
    Click Save.
     
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Apparently Mod security isn't foolproof, and some rules may have to be disabled to allow it to work for your particular setup.

    Incidentally 960015 was one of the first ones I had to disable.
     
Loading...
Similar Threads - PayPal Instant Payment
  1. bear
    Replies:
    3
    Views:
    644
  2. angelleye
    Replies:
    10
    Views:
    620

Share This Page