Info: hacking attack affecting Comosoft Website

Dear Comosoft customers,

As you may already be aware, over the weekend an external Comosoft web server was the victim of an attack by hackers from Southeast Asia.

No LAGO program versions or downloads are affected by this attack. Your LAGO systems are safe.

Through a hole in WordPress, the attackers succeeded in injecting PHP code and commandeering our Marketing server to send “erotic offers”. We immediately took the server offline.

We informed you about the attack as soon as possible via our ticket system JIRA (which was not affected by the attack).

We have now concluded our detailed analysis and wish to inform you via this mail that the attack has been terminated, and which measures we have taken.

The Comosoft web server which was attacked is hosted by an external provider and is outside of the Comosoft network.

This system only contains the Comosoft web site and the Comosoft Release notes generator. With the exception of a password for the customer section, this server contains no customer data, no LAGO program versions or the like whatsoever. The passwords for the customer section have already been reset and you will be notified of this.

The Release notes generator is an in-house development from Comosoft and is based on PHP code. Based upon the login data of a user and the release information stored in a local database, the Release notes generator creates a PDF file which can be downloaded by the user.

The program code of the Release notes generator has been restored to the verified state from November 3rd, 2016, to exclude any problems here.

We use the WordPress system as the CMS for our web site and the associated database resides locally on the web server.

Users are stored in the WordPress system. Each of these users has the abbreviated customer name as user name, as well as a password customized by the customer/user.

The user name (in the sense of the customer name) is used by the Release notes generator to filter the release information. The passwords for these users have already been reset and you have been notified of this.

Download links are stored on the web site.

The targets of the links are read-only files stored in the Amazon Cloud which cannot be changed via the download links.

To provide you with additional security, a checksum will be made available for all currently linked downloads to allow you to verify them.

The web server has no connection to the Comosoft network. With the exception of the download links, which are read-only, it has no connection to other networks. This deliberate separation of the external web server from our other networks means that this attack did NOT compromise the Comosoft network. The download area with the LAGO program versions is also in a separate network. There was no attack on the Amazon Cloud hosted resources.

Our ticket system JIRA and our mail server both reside in a complex, multiply secured area within the Comosoft network and are also NOT affected.

We have taken all possible measures to prevent future attacks. 

If you have any questions, please contact your respective Comosoft representative.

With kind regards,

Your Comosoft Management