XPageDeveloper.com

There as been some writing around attacks against WordPress based sites and a lot of them has been taken over and malicious code was injected on these sites. How was most of these attacks done? Well I think that this was probably done thru so called brute force attacks. The hacker have a software that is posting in attempts on the login page and they know that the default admin account is “admin” on WordPress, alot of sites haven’t removed this account. This type of Brute Force attacks can be done against your Domino environment also. But there are several ways to prevent it and one way is “Password Lockout”. It’s very easy to implement on your server so if you haven’t I suggest you do.

This is how you add this to your Domino Site.

In your Name and address book for the server goto Configurations

Open up the corresponding document for your server, Some times there is only a entry like this

Then I take a copy of this document and open it you need to change to it affects you server you need to uncheck the “Use these settings as the default . . . .” checkbox

When this is done the new field where you specify your Server name is revealed write the name of you server.

Go to the second tab “Security”

Change “Enforce Internet Password Lockout” to Yes and a checkbox to log “Failures” and save the configuration and restart the http service on the server the “Password Lockout” database (inetlockout.nsf) is created the first time a password failure occurs so I suggest your try with your own login so the database is created and you can adjust the acl as you like it.

UPDATE: make your SMTP server from leaking passwords

Check out this guide on disable authentication on smtp turn off smtp authentication

Now your Domino sever a bit more secure.