Due to the current situation, we've decided to implement additional preventive security measures for Krymo Software, which we would like to briefly explain in the following.
Attacks on websites within the WoltLab scene
In the past hours it became known that several websites within the WoltLab scene have been victims of attacks where the login data of users were logged in plain text. How the attackers were able to inject the malicious code is still unclear. However, it seems that no security hole in the WoltLab software is responsible for this. Of course we immediately checked if we could be affected. For this purpose we checked the integrity of the files as well as all event listeners of plugins, which could possibly log usernames and passwords in plain text during login. Fortunately we couldn't find any compromise of the system. Although it can never be ruled out, the risk of compromising the system should be very low, since Krymo Software was only founded in March 2020, we only install packages from trusted sources and attach great importance to the security of the servers. If you have any questions about our technical measures and the security of your personal data, you can always contact us.
Release of packages
Generally we always wait for the WoltLab team to check and approve new packages and package updates. The only exceptions are technically or security critical updates as well as software products that we don't offer in the Plugin-Store of WoltLab. We'll keep this procedure.
Posts of new users
For non-customers who don't meet certain internal criteria it's now effective that threads and posts must first be activated by us. The same applies to profile comments and comments on CMS pages. We've automated this process so that those affected are released from these restrictions after appropriate activity.
From the beginning of Krymo Software, non-customers have never been able to start conversations. This won't change in the foreseeable future. This is to prevent the secret distribution of unwanted messages in the interest of all users. You can still use the forum or the contact form to get in touch with us. Furthermore, nobody is able to add invisible participants to conversations.
Since the main focus of Krymo Software is on its own software products and the support associated with them, we've decided to delete some forums. It's also no longer possible to comment on news and information. This is to maintain the chronology of the threads and to prevent additional notifications caused by new posts in these forums.
We aren't happy about having to take these measures. However, we want and need to ensure that our website is safe for all users, that there is a pleasant and friendly atmosphere and that there's no harassment from conspicuous users. Our own experiences and the events of the last weeks in the WoltLab scene have shown that such measures are an effective means. We'll keep you informed about further measures that might be taken in the near future.