As soon as I received my Champion kit, the first thing I did was place this on my office wall.
All the other 2013 Champions and I like to share and will continue to do so.
If you have a question about Domino, XPages or anything related to them, I promise to respond. So if you have a question, contact me through email or Twitter and I will help you, or help you find someone who can.
My thanks also go to Joyce, our Champion helping hand.
There has been some writing about attacks against WordPress-based sites; a lot of them have been taken over and had malicious code injected. How were most of these attacks done? Well, I think that this was probably done through so-called brute force attacks. The hacker has software that posts login attempts to the login page, and they know that the default admin account on WordPress is “admin”; a lot of sites haven’t removed this account. This type of brute force attack can be carried out against your Domino environment as well. But there are several ways to prevent it, and one of them is “Password Lockout”. It’s very easy to implement on your server, so if you haven’t, I suggest you do.
This is how you add this to your Domino site.
In the Name and Address Book for your server, go to Configurations.
Open the corresponding document for your server. Sometimes there is only an entry like this
Then I take a copy of this document and open it. To make it affect your server, you need to uncheck the “Use these settings as the default . . . .” checkbox.
When this is done, the new field where you specify your server name is revealed. Write the name of your server.
Go to the second tab, “Security”.
Change “Enforce Internet Password Lockout” to Yes and check the box to log “Failures”. Save the configuration and restart the HTTP service on the server. The “Password Lockout” database (inetlockout.nsf) is created the first time a password failure occurs, so I suggest you try with your own login so that the database is created and you can adjust the ACL as you like.
UPDATE: Keep your SMTP server from leaking passwords
Check out this guide on disabling authentication on SMTP: turn off smtp authentication
Now your Domino server is a bit more secure.