HIde My WP Blocks PayPal from Communicating with Membership Plugin

[turner2f]

I am using “Ultimate Membership Pro”
https://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253

================

Hide My WP is preventing PayPal from communicating with the Membership Pro plugin so that the plugin is NOT able to mark the subscription as “Paid”.

The plugin is not being communicated with so that it does not even know that a transaction has taken place, hence the subscriber is not able to access the “Member ” pages that they just paid for.

================

Hide My WP blocks the following IP ( as an attack ) from PayPal, Preventing Payal from communicating with the membership plugin so that it can know that a payment was actually received…

173.0.81.1

I even “excluded” the IP and it still did not work.

The following potential attack has been detected by HMWP IDS

If it’s you please Exclude that parameter or increase Notify Threshold from IDS settings.
In most cases you don’t need to do anything. Hide My WP protects you!

IP: 173.0.81.1
User ID:
Date: 2016-10-29T09:26:21+00:00
Total Impact: 50
Affected tags: sqli id lfi xss csrf rfe

Affected parameters: REQUEST.custom=%7B%26quot%3Buser_id%26quot%3B%3A%26quot%3B63%26quot%3B%2C%26quot%3Blevel_id%26quot%3B%3A%26quot%3B1%26quot%3B%7D, POST.custom=%7B%26quot%3Buser_id%26quot%3B%3A%26quot%3B63%26quot%3B%2C%26quot%3Blevel_id%26quot%3B%3A%26quot%3B1%26quot%3B%7D,

Request URI: /404_Not_Found
Origin: 66.147.235.201

================

Hide My WP appears to be blocking the following PayPal IPN URL:
http://yourwebsite.com/wp-content/plugins/indeed-membership-pro/paypal_ipn.php

The author for the “Ultimate Membership Pro” plugin said…

Ensure that there is no restriction and enough permission to access the IPN file via URL.

Your IPN URL is based on your plugin path and ipn file:

For example: yourwebsite.com/wp-content/plugins/indeed-membership-pro/paypal_ipn.php

If you are not able to access your IPN file via a web browser or you get any error (like 500 server error) it means that the PayPal API cannot access communication with the Membership plugin

ALSO please see the knowledgebase for the “Ultimate Membership Pro” plugin.

http://help.wpindeed.com/ultimate-membership-pro/knowledge-base/paypal-payment-not-working/

as a reference.

=============

Please help

• This topic was modified 8 years, 3 months ago by turner2f.

[turner2f]

UPDATE

I DE-activated the “Enable IDS” and now PayPal communicates just fine with the “Ultimate Membership Pro ” subscription plugin.

===========

But now there is the issue of me not being as fully protected as before.

Is there a way that I can create an “Exclusion” for the request that PayPal is sending ?

So that I can RE-enable the “PHP IDS” function for the “Hide My Wp” plugin.

=============

The PayPal IP Address is 173.0.81.1

The two (2) requests that I get from the PayPal IPN are…

POST.custom

REQUEST.custom

Should I add these to my exclusion list ( “Exception fields” within HMWP ) ?

Or will this open me up for more problems ( attacks ) ?

===========

Look forward to your reply.

• This reply was modified 8 years, 3 months ago by turner2f.

[turner2f]

When I look inside the “Instrusions” section I see that PayPal is trying to find or ping…

/?ihc_action=paypal

Not certain if this is helpful to my situation, but please let me know if it is.

[Suman M.]

Hi, goto Dashboard >> Intrusions, hover over the request(s) that are related to the blocked requests/plugins and click on ‘Exclude’ link to add them to exception list.
If still the issue then please try increasing the ‘block threshold’ value (IDS Firewall tab) to 30 or 40.
Let us know.

[Author]

Posts