Purchase OIOpublisher now for just $47.

Take control of your ad space.

Click here to purchase

Subscribe   OIOpub Blog » Wordpress Conflicts » Article: OIO and Bad Behaviour

OIO and Bad Behaviour

Filed under: Wordpress Conflicts

This is the first post in a series that looks at potential problems that OIO can have with other well-known WordPress plugins. You can see the entire series here.

Bad Behaviour is a plugin used by many security-conscious WordPress blog owners to restrict access to the blog. One of the ways it does that is to restrict calls from other websites, unless their IP address is whitelisted (ie. Bad Behaviour is told to let through traffic for that IP address).

By default, Bad Behaviour blocks calls from payment services like PayPal’s IPN, meaning OIO won’t get told when a valid payment has been made. This blocking applies to any automated payment notification, as well as calls by OIO itself (via the marketplace API key).

Luckily, Bad Behaviour comes with a whitelist file that we can use to add IP addresses, to prevent this blocking. I’ll use paypal in the example below, as it is the most common cause of complaint.

PayPal IPN Example

1.) Firstly, we need to find the IP addresses to add to our whitelist. PayPal provides a list of these here (other payment services will probably provide something similar). The IPN is governed by the IP addresses at notify.paypal.com, which at the time of writing are:

216.113.188.202
216.113.188.203
216.113.188.204
66.211.170.66

2.) Now we’ve got our list of IP addresses, it’s time to find the Bad Behaviour whitelist. There is a file within the plugin’s “bad-behaviour” directory called whitelist.inc.php. Open this file and you should see the following php code near the top:

$bb2_whitelist_ip_ranges = array(
“64.191.203.34″,    // Digg whitelisted as of 2.0.12
“208.67.217.130″,    // Digg whitelisted as of 2.0.12
“10.0.0.0/8″,
“172.16.0.0/12″,
“192.168.0.0/16″,
//”127.0.0.1″,
);

3.) Now let’s add the PayPal IPN addresses to that section of code, save the file, and we’re done:

$bb2_whitelist_ip_ranges = array(
“64.191.203.34″,    // Digg whitelisted as of 2.0.12
“208.67.217.130″,    // Digg whitelisted as of 2.0.12
“10.0.0.0/8″,
“172.16.0.0/12″,
“192.168.0.0/16″,
//”127.0.0.1″,
“216.113.188.202″,
“216.113.188.203″,
“216.113.188.204″,
“66.211.170.66″,
);

If you’re having problems with any other automated notification systems while using Bad Behaviour, simply repeat the process above using the IP addresses of that provider.

OIOpublisher IP Address

In case you’re also having problems authenticating your API key, you might want to add the IP address of OIOpublisher.com to the whitelist. At the time of writing, this is:  91.198.165.34

2 Comments so far

Dmitriy | April 24, 2012

Possible easier solution is the following. Using the BB’s built-in whitelisting utility (http://yousitedomain/wp-admin/options-general.php?page=bb2_whitelist) enter the known PayPal IPs. In addition to that, use the URL box to enter URLs or *your* IPN notification script, in the following format (exclude the domain name):
/ipn_notification_script.php

To give a real example, the WP themes by Templatic use the following URLs:

/?page=cancel_return&pmethod=paypal
/?page=return&pmethod=paypal
/?page=notifyurl&pmethod=paypal

That way, even if the PayPal IP even changes, these URLs will always be available (whitelisted).


Conflict Program | July 31, 2012

This is very beneficial information. Simon, What motivated you to call this blog “OIO and Bad Behaviour”, not that the title does not go with the content, I am just wondering. Another good post Simon.


Leave a Comment

Name: (required)

Email: (required)

Website:

Comments