paypal change required by June 2018

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Cobra SA
    Senior Member
    • May 2007
    • 203

    paypal change required by June 2018

    I've received a mail from paypal, apparently the code needs to be changed before June 2018



    it seems like ipnbp.paypal.com needs to be added to the code somewhere, do you have more details?

  • Mrs.T
    Senior Member
    • Nov 2007
    • 1210
    • 6.0.X

    #2
    Are you sure that the email is genuine, that link gives an insecure link warning.

    Comment

    • Wayne Luke
      vBulletin Technical Support Lead
      • Aug 2000
      • 73976

      #3
      You will probably have to update the Paypal file under /includes/paymentapi.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API

      Comment

      • Falcon Capt
        Senior Member
        • May 2006
        • 237
        • 4.2.x

        #4
        Originally posted by Cobra SA
        I've received a mail from paypal, apparently the code needs to be changed before June 2018



        it seems like ipnbp.paypal.com needs to be added to the code somewhere, do you have more details?
        See here for the changes needed, very easy to fix.

        Comment

        • gnrx
          Senior Member
          • Feb 2009
          • 241

          #5
          I received the same email.
          Thanks for the replys

          Comment

          • gnrx
            Senior Member
            • Feb 2009
            • 241

            #6
            I review the file for made the change:


            But I view that, in my file, this change is already made, I use vb 4.2.5 and view that, I don't need this change because in my file, are the new files.

            But the other day, paypal send me a email indicate thhis:

            Forwarding checks from IPN to HTTPS (Carry out before June 2018)
            - Necessary change: Yes

            In my site, I use https...

            Regards.

            Comment

            • Mark.B
              vBulletin Support
              • Feb 2004
              • 24286
              • 6.0.X

              #7
              Isn't this email just going out to everyone? I don't think they are targeting only people who haven't made the change.

              My understanding is - they are advising you that you need to make sure the change is made, if it's already done then no problem.

              Unless someone can correct me on this.
              MARK.B
              vBulletin Support
              ------------
              My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
              My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

              Comment

              • gnrx
                Senior Member
                • Feb 2009
                • 241

                #8
                Its possible this, Mark, also I think this, but in the email, indicate others ckecks also, and only this, indicate its necessary.

                I copy the entire mail (with translator):

                Code:
                At PayPal, one of our main priorities is to ensure that both our customers and their customers manage and transfer money securely and securely online or through a mobile device. We are committed to providing the highest level of security to protect customer transaction data and we are updating our systems to ensure that the most recent and secure protocols are processed or processed. This year, we are asking all of our vendors to also implement certain important security changes.
                
                Our records indicate that you still have to make critical security improvements on your systems. If you see a "Yes" next to a security change, it means that you need to update your integration to accept that security measure before the specified date:
                
                • Change to TLS 1.2 and HTTP / 1.1 (Perform before June 2018)
                - Necessary change: No
                
                • Forwarding checks from IPN to HTTPS (Performed before June 2018)
                - Necessary change: Yes
                
                • Interruption of the use of the GET method for the classic NVP / SOAP APIs (Performed before June 2018)
                - Necessary change: No
                
                • Change of API certificate credentials for sellers (Perform before June 2018)
                • It is possible that these changes have to be made before depending on the expiration date of your certificate.
                - Necessary change: No
                
                How should I make these changes?
                
                We are here to help you. You can find more information about the necessary changes and how to make them in our security microsite for sellers 2017-2018. There you will find detailed information about these changes and how they affect you. You can also check the technical details of each of the necessary changes.
                
                If you need more help, we encourage you to contact your web hosting company, e-commerce software provider, your own web programmer or your system administrator.
                
                PayPal will start testing the updated connections
                
                Keep in mind that, in the coming months, PayPal will carry out several rounds of simulation tests of the updated security experience so that the vendors can know the areas of their integration for which changes should still be made in the protocols of security. If you have already made the necessary changes described in the 2017-2018 vendor security microsite, your PayPal integrations will not be affected. If you have not yet made the necessary changes, we encourage you to do so as soon as possible to avoid interruptions in the service that may arise during the testing of security changes.
                
                The dates of these tests and the full implementation will be published on the security vendor security testing page at least two weeks before the implementation. For this reason, add the page to favorites and visit it frequently to get the latest and most up-to-date information.
                
                Thank you for using PayPal and helping us maintain the highest security standards for our shared customers around the world.
                Regards.

                Comment

                • Trevor Hannant
                  vBulletin Support
                  • Aug 2002
                  • 24325
                  • 5.7.X

                  #9
                  If that file already shows the new https address at that line, then you should be fine.
                  Vote for:

                  - Admin Settable Paid Subscription Reminder Timeframe (vB6)
                  - Add Admin ability to auto-subscribe users to specific channel(s) (vB6)

                  Comment

                  • Cobra SA
                    Senior Member
                    • May 2007
                    • 203

                    #10
                    Originally posted by Falcon Capt

                    See here for the changes needed, very easy to fix.

                    https://www.vbulletin.com/forum/foru...24#post4341524
                    Thank you, this is really appreciated.

                    I assume this will have no impact on ongoing subscriptions? I really would hate messing up the current subscriptions.


                    *edit

                    actually it doesn't seem like it solved my issue
                    I already had these parameters.... but paypal still thinks that I'm not compliant with their new policy


                    @Mark.B

                    We really need some support here.
                    Last edited by Cobra SA; Fri 16 Mar '18, 12:19pm.

                    Comment

                    • Falcon Capt
                      Senior Member
                      • May 2006
                      • 237
                      • 4.2.x

                      #11
                      Originally posted by Cobra SA

                      Thank you, this is really appreciated.

                      I assume this will have no impact on ongoing subscriptions? I really would hate messing up the current subscriptions.


                      *edit

                      actually it doesn't seem like it solved my issue
                      I already had these parameters.... but paypal still thinks that I'm not compliant with their new policy


                      @Mark.B

                      We really need some support here.
                      The changes made in the file that I indicated above will not "break" older subscriptions, they will continue to work normally.

                      Comment

                      • Mark.B
                        vBulletin Support
                        • Feb 2004
                        • 24286
                        • 6.0.X

                        #12
                        It's possible PayPal won't 'know' you're compliant until the next time a payment goes through. They could simply be looking at the last payment record.
                        MARK.B
                        vBulletin Support
                        ------------
                        My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
                        My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

                        Comment

                        • gnrx
                          Senior Member
                          • Feb 2009
                          • 241

                          #13
                          Originally posted by Mark.B
                          It's possible PayPal won't 'know' you're compliant until the next time a payment goes through. They could simply be looking at the last payment record.
                          I think not because, my last paymens are with new code in file (with https), I never edited this file, for this reasson I think that, I have good this file since my update to vb 4.2.5. From this moment, I have payments by paypal, and I received this email a 2 days ago.

                          Comment

                          • Mark.B
                            vBulletin Support
                            • Feb 2004
                            • 24286
                            • 6.0.X

                            #14
                            Originally posted by gnrx

                            I think not because, my last paymens are with new code in file (with https), I never edited this file, for this reasson I think that, I have good this file since my update to vb 4.2.5. From this moment, I have payments by paypal, and I received this email a 2 days ago.
                            I really couldn't say then. I very rarely deal with PayPal. The changes suggested (bearing in mind there's more than one line to change) seem to comply with what PayPal have asked for.

                            The changes also mirror what vB5 has by default.
                            MARK.B
                            vBulletin Support
                            ------------
                            My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
                            My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

                            Comment

                            • Cobra SA
                              Senior Member
                              • May 2007
                              • 203

                              #15
                              Originally posted by Mark.B
                              It's possible PayPal won't 'know' you're compliant until the next time a payment goes through. They could simply be looking at the last payment record.
                              I had those parameters for over a year according to the file date stamp and I still received the email by paypal that says I need to update my code by June

                              This is serious matter we need help

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...