Imported From: http://groups.google.com/group/in-portal-bugs/browse_thread/thread/1fa00507a6a863e2#
as per my searches, all in-commerce installs from 5.0.1 feature a new
security, an .htaccess in in-commerce/units.
This .htaccess is just a "deny from all", and thus all payments done
via gateways can't escape the "incomplete" state, as the notify script
isn't reachable from front.
I propose to add an exclude for notify_scripts directory.
Phil.