Collecting Customer's IP address during checkout - why is everyone 172.16.10.1 ?

[rwoody]

I have two stores basically the same - the exact same version both using USAePay. One collects the IP and sends it over to USAePay for my customer to have on file (he uses it to detect fraud) - the other does not...

What have I not clicked in the admin on one that I have on the other to get this to work.... I've gone through seemingly every screen and can't find a reference to save or not to save the customer's IP. Both sites are 1.3.8a.

Ruth

[rwoody]

I've looked into this further after the customer contacted me. It is collecting an IP address... the same one for every transaction. This problem is not related to our merchant account as I just did a test transaction using check/money order and it once again collected the same IP.

The IP being displayed is 172.16.10.1 - 172.16.10.1 and that is not my IP for sure -nor is it the IP of 25 other customer's that have purchased. This is really critical as it is used as a tool to help prevent fraudulent transactions. Can anyone please lend some insight into what's going on here?

This started after moving the site and in doing so I did a clean install of files and then loaded the rebuilt db.

Thanks

[rwoody]

I know I seem to be talking to my self but in checking out everything I've now noticed in the footer where the IP is set to display - it is also displaying that incorrect IP address... now I'm really confused... I've double check the code and it's fine - I even removed all the other "stuff" in the footer and put just the IP code back (copying it from the default template) and I get the same result - the same IP address is showing... arghhh...can someone enlighten me here...:

Click here to check your address against the foother

[DrByte]

This started after moving the site

You'll need to ask your new hosting company why all your visitors are showing up as having the same private IP address.
It's most likely a result of their firewall and/or some sort of proxy configuration.


Granted, Zen Cart already checks for most known proxy configurations to attempt to pull the right IP address even in most odd server configurations.

[rwoody]

I just installed the User tracking and there it is again.. that same IP!! I was thinking the same exact thing. This is a really weird setup on this server - I'll see what I can find out. Thanks a ton for checking in on this..

Have a super day!!

Ruth

You'll need to ask your new hosting company why all your visitors are showing up as having the same private IP address.
It's most likely a result of their firewall and/or some sort of proxy configuration.


Granted, Zen Cart already checks for most known proxy configurations to attempt to pull the right IP address even in most odd server configurations.

[DrByte]

By the way, who are you hosted with?

[rwoody]

Dr. Byte - hope you can help - the server company came back and gave my customer the following: The told him to replace server array code with:

PHP Code:

 HTTP_X_CLUSTER_CLIENT_IP 


I looked up the "Get IP function and found the following -
(I'm pulling this from the functions_general.php file around line 756)

PHP Code:

////
  function zen_get_ip_address() {
    if (isset($_SERVER)) {
      if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
      } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
      } else {
        $ip = $_SERVER['REMOTE_ADDR'];
      }
    } else {
      if (getenv('HTTP_X_FORWARDED_FOR')) {
        $ip = getenv('HTTP_X_FORWARDED_FOR');
      } elseif (getenv('HTTP_CLIENT_IP')) {
        $ip = getenv('HTTP_CLIENT_IP');
      } else {
        $ip = getenv('REMOTE_ADDR');
      }
    }

    return $ip;
  } 


Is the following what they are asking me to do and does it makes sense to you? As I tried it and nothing changed -

PHP Code:

function zen_get_ip_address() {
    if (isset($_SERVER)) {
      if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
      } elseif (isset($_SERVER['HTTP_X_CLUSTER_CLIENT_IP '])) {
        $ip = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP '];
      } else {
        $ip = $_SERVER['REMOTE_ADDR'];
      }
    } else {
      if (getenv('HTTP_X_FORWARDED_FOR')) {
        $ip = getenv('HTTP_X_FORWARDED_FOR');
      } elseif (getenv('HTTP_X_CLUSTER_CLIENT_IP ')) {
        $ip = getenv('HTTP_X_CLUSTER_CLIENT_IP ');
      } else {
        $ip = getenv('REMOTE_ADDR');
      }
    }

    return $ip;
  } 


I'm really unfamiliar with what they are trying to do here, but the company fully admitted it was their setup that was blocking the IP detection. (Why they are doing this as standard practice is beyond me - one more reason I have my own servers - arghhh)-.

Is there somewhere else I need to change this code. I saw a similar line of code in the "Who online" file - I think I'm a bit outside of my expertise here.

Ruth

[Website Rob]

It would appear the Hoster is running Clustered Servers and using a form of custom code or incorrect code, for IP referencing.

Odds are that other IP related problems are going to occur but the big issue is the Originating IP. As many Merchant Gateways use IPs to determine not only Fraud but if they will even process the Order, I suggest finding a new Hoster. You mention you have your own Servers and that might be the best solution of all in this case. At least that way, if there is a problem you can login to the Server and fix anything.

[rwoody]

Ok, I'm going to try this again. I spoke with the tech and was given this info:

Your script is calling for the "REMOTE_ADDR" and receives the IP of a server in front of one of our back-end servers. The web facing server is then passing the scripts output without giving the expected REMOTE_ADDR of the visitor. In order for your scripts to recognize that they are on a cluster and log the correct IP of your visitors, you will need to replace and add the code below.

For PHP:
Locate any lines of code that are similar to this snippet of code,
$_SERVER['REMOTE_ADDR'];
And replace it with this snippet of code,
$_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];

They "claim" they have tons of Zen-Cart's running... I want him on my server, but I have one shop (same products different look) on my server and he wants one on a different server in the event of a disaster - he doesn't lose both shops...arghhhh - My server(s) are specifically optimized to handle Zen-Cart and Joomla - that's all I have on them and they run perfectly!!! Oh well... I guess I'm off a "grepping"...LOL



What a pain!!!

[DrByte]

As to changing Zen Cart code, the change you've suggested in functions_general is what I'd recommend too.

If you're planning to change REMOTE_ADDR elsewhere, change it to zen_get_ip_address() instead of $_SERVER['HTTP-blahblahblah-that-they-suggested']
and just keep the changes you made to functions_general.