Connection error to server

[Tarnak]

This problem has reoccurred in one of my snapshots...

I have tried to reactivate, but get this every time:

---------------------------
Process Lasso
---------------------------
Bitsum's web server does not appear to be accessible! Check for firewalls or security software that may be blocking it, or check your general network connectivity.
---------------------------
OK   
---------------------------

 I have checked , and there is nothing that I can see to prevent connecting to the server for checking validity.

[Jeremy Collake]

The error message is as it presents. I added a 'server availability check' and it is failing. So, there is a connectivity block somewhere. Your end, our end, somewhere in-between, I don't know. So far we, or our automated monitors, haven't detected any outages. Let us know if it continues to fail today.

The loss of activation should still only occur on major (e.g. CPU) hardware changes or registry cleaners that are too aggressive.

[Tarnak]

Still failing... I just have to manually apply the beta updates, instead of getting automatically. No biggie, i guess.

[Jeremy Collake]

It's a biggie actually. Our automated updater is awesome.

You clearly have access to the web site, so that rules out a few possibilities.

You are technically sophisticated enough to be aware of what your security software is doing.

I don't believe there are any pertinent security measures on the server that would be acting here, but will check your IP in the logs to be safe.

[Jeremy Collake]

This topic was split into a new one since it is a different issue than the original report.

[Tarnak]

Hi,  Just had a lot of trouble logging to the forum...I don't know why.   I got in via the new look website.

I can't try Edge because I am on XP. 

P.S.   I am in another snapshot, and last night it updated via automatic updates, to v8.9.4.4, and a short time ago, to v8.9.4.5 beta. No problem,  with that snapshot.

[Jeremy Collake]

Oh -- that explains it, maybe.

XP /w IE6 is limited to SSLv3 only, so if you never updated IE, it's possible it impacts it.

One, SSLv3 was deprecated from the server (and a large part of the internet) due to the risk of a POODLE attack. It's many years past it's prime, TLS replaced it a long time ago, though we all still say 'SSL', the actual protocol name has changed. Browser vendors are in a frenzy to disable SSLv3 support entirely (see post below).

Now, POODLE is not that big a risk to *us*, so I will re-enable SSLv3 real quick and you can try again... Maybe it matters. Let me know.

The fact that you had connection troubles means you have an inconsistent connection to the web server, if and in addition to any SSLv3 issue with Internet Explorer in IE (matters because Lasso is using the Windows Internet APIs).

UPDATE: SSLv3 is now re-enabled, so let me know if that does matter, though the inconsistent connectivity may be a monkey wrench in the analysis.

[Tarnak]

I will try later, today, when I am back in that snapshot.  I will then report back, here. 

P.S. BTW, I have never heard of Poodle, and what it is and how it attacks.

[Jeremy Collake]

POODLE is a vulnerability in SSLv3 that could allow an attacker to decrypt some of your encrypted session.

Only XP with IE6 is limited to SSLv3, everything else moved on long ago.

The only issue with leaving SSLv3 enabled is the HTTPS negotiation can be tricked into failing down to SSLv3, the insecure old protocol.

TLS 1.2 is used by all modern browsers right now, and they are all scrambling to disable SSLv3 support entirely so that an attacker can't trick the connection to be downgraded to SSLv3.

[Tarnak]

I know why I couldn't log in earlier, and I had trouble again....I remember back in November, and I posted about it then, when I changed my password.

Apparently, I have two passwords. The original, which allows me login to the original site. And, the other password which works for the new site, or perhaps not. I am confused, with the change, and I mentioned it my post/s in November.

As to the original problem, the change you said you would make temporarily has done the trick, and the activation has now worked. 

[Jeremy Collake]

So now we know that there are still people out there with XP and IE6. I am surprised, I must admit .

Now that the major browser vendors are all quickly updating to resolve this issue with SSLv3, we will leave SSLv3 enabled on our servers. Basically, they are making it so no user session can be manipulatively downgraded to SSLv3 and thus won't be vulnerable.

So, this vulnerability will only impact users with browsers that have not yet fixed the SSLv3 issue. That means already almost everyone using updated browsers is GOOD (not sure on all browsers, but I know Chrome resolved it). Therefore, we conclude that this change is fairly safe, or much safer than it would have been immediately after the flaw was first unveiled a few months ago. Further, many or most major web sites still allow SSLv3.

As for the various credentialed logins we have:

1. Forum password will let you log in to the forum.
2. You can also log in from the products.bitsum.com website, so long as the account has the same email address. This password might be different, but if it's updated, they may (or may not) sync. I think they will sync.
3. Legacy site Support area is off on its own, with it's own accounts and passwords.

[Tarnak]

I rarely require to use IE, but sometimes it will open when software activates and needs a connection via a browser.

Otherwise, I avoid using IE6, all together.

P.S. About the passwords, I will just have to work it out, by trial and error.   Do you see failed attempts, retries on the back-end, when I make them. Just wondering. Must be some automated logging, or such.

[Jeremy Collake]

Oops, my mistake in language. I knew you weren't using IE6 as your browser because you are here . I doubt our site even renders in IE6.

What I meant was that IE6 was never updated, so the back-end APIs still use IE6.

[Tarnak]

We just cross-posted...lol

[Tarnak]

Oops, my mistake in language. I knew you weren't using IE6 as your browser because you are here . I doubt our site even renders in IE6.

What I meant was that IE6 was never updated, so the back-end APIs still use IE6.

Your site still renders OK, in IE6...it seems.

[mihli]

Hello! Sorry, I don’t know English, and I use machine translation! And, probably, I am posting this post in the wrong place. when trying to update the version Process Lasso (first deleted the old one, activated!) and after installing the fresh version, when trying to activate, a window appears with an error message -"Bitsum`s web server does not appear to be accessible! Check for firewalls or security software that may be blocking it, or check your general network connectivity.". The Internet is naturally available. the firewall was turned off (permissions for outgoing and incoming traffic were also given) as well as Windows protection tools, I also tried to activate it via vpn - but alas, all to no avail! Hope you can help me! Thank! [windows 10 pro, Chrome Edge]

[edkiefer]

Hi, try support, which will give direct support.

support@bitsum.com

[Jeremy Collake]

Please see this page: https://bitsum.com/activation-help/

Some users have modified HOSTS files that block access to the activation server. This is sometimes done by prior use of cracks and keygens.

[mihli]

Thanks for the answer. Unfortunately, nothing helps. But, the forum mentioned the use of registry cleaners, this is probably my case. The registry was cleared, restoring it also did not help, the Bitsum`s web server is still unavailable. The HOSTS file is not damaged. support@bitsum.com did not respond to email.

[mihli]

Clear. So there is no solution. Thanks for the help!

[Jeremy Collake]

You are the only one having a problem. The issue is on the client-side. Something in the network stack or severe misconfiguration of Windows. You may need to 'reset' your Windows install to clean things up.

I don't see any support ticket from you, other than asking for this forum account to be approved. I will respond to it.