Setting up your Domino server to prevent password attacks

There has been some writing about attacks against WordPress-based sites; a lot of them have been taken over and had malicious code injected. How were most of these attacks done? Well, I think this was probably done through so-called brute force attacks. The hacker has software that posts login attempts to the login page, and they know that the default admin account on WordPress is “admin”; a lot of sites haven’t removed this account. This type of brute force attack can be done against your Domino environment as well. But there are several ways to prevent it, and one way is “Password Lockout”. It’s very easy to implement on your server, so if you haven’t, I suggest you do.

This is how you add this to your Domino Site.

In the Name and Address Book for your server, go to Configurations.

Open the corresponding document for your server. Sometimes there is only one entry.

I then make a copy of this document and open it. So that it affects your server, you need to uncheck the “Use these settings as the default . . . .” checkbox.

When this is done, the field where you specify your server name is revealed. Enter the name of your server.

Go to the second tab “Security”

Change “Enforce Internet Password Lockout” to Yes and check the box to log “Failures”. Save the configuration and restart the HTTP service on the server. The “Password Lockout” database (inetlockout.nsf) is created the first time a password failure occurs, so I suggest you try it with your own login so that the database is created and you can adjust the ACL as you like.
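To see what this setting changes for a brute force run, here is a simplified model of password lockout with failure logging. It is an added example, not Domino's code or part of the original post; the threshold of 5 tries, the counting interval, the user table and all names are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:
    max_tries: int = 5           # assumed threshold, not taken from the post
    tries_interval: int = 3600   # assumed window (seconds) in which failures count

@dataclass
class LockoutTracker:
    policy: LockoutPolicy
    passwords: dict                               # constructed user -> password table
    failures: dict = field(default_factory=dict)  # user -> timestamps of recent failures
    locked: set = field(default_factory=set)      # users currently locked out
    log: list = field(default_factory=list)       # stands in for the "Failures" log

    def login(self, user, password, now):
        # A locked-out account is rejected even when the password is correct.
        if user in self.locked:
            self.log.append((now, user, "rejected: locked out"))
            return False
        if self.passwords.get(user) == password:
            self.failures.pop(user, None)         # model choice: success clears the counter
            return True
        # Only failures inside the counting interval are kept.
        recent = [t for t in self.failures.get(user, [])
                  if now - t < self.policy.tries_interval]
        recent.append(now)
        self.failures[user] = recent
        self.log.append((now, user, f"failure {len(recent)}/{self.policy.max_tries}"))
        if len(recent) >= self.policy.max_tries:
            self.locked.add(user)
            self.log.append((now, user, "locked out"))
        return False

    def unlock(self, user):
        # Administrator clears the lockout entry for the user.
        self.locked.discard(user)
        self.failures.pop(user, None)

def replay(events, policy=None):
    """Feed (time, user, password) events through a fresh tracker."""
    tracker = LockoutTracker(policy or LockoutPolicy(), {"admin": "correct horse"})
    return tracker, [tracker.login(u, p, t) for t, u, p in events]

# Constructed sample: six guesses one second apart, then the real password.
SAMPLE = [(t, "admin", f"guess{t}") for t in range(6)] + [(10, "admin", "correct horse")]

if __name__ == "__main__":
    tracker, results = replay(SAMPLE)
    print(*tracker.log, sep="\n")
    print("results:", results)
```

In this model the correct password at the end is still refused because the account was locked on the fifth failure, which is why the lockout entry has to be cleared before the real user can log in again.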

UPDATE: Stop your SMTP server from leaking passwords

Check out this guide on disabling authentication on SMTP: turn off smtp authentication

Now your Domino server is a bit more secure.

  1. AFAIK doesn’t count POP3/IMAP/Traveler attempts

  2. Works with traveler. Not sure about pop3/imap (but who uses that?

  3. Works with Traveler. Not sure about pop3/imap (but who uses that these days? :mrgreen: )
