Welcome to the #dominoforever Product Ideas Lab! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated jointly by the IBM & HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino page.


Fail2Ban for IBM Domino

When Domino is available over internet, SMTP or HTTP and other services may be used by hackers to bruteforce password. 

 

While we have internetLockout functionality, that stops hackers,  they can try access different accounts and lock users. 

This this is DOS attack, since user does not get access. 

Please think on functionality that able to Block DYnamically IP addresses from which we received N number of authorization failure attempts.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Nov 23 2018
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    06 Feb 16:51

    Very disappointed that IBM developers never considered the option to block IP addresses dynamically. Locking out user accounts is not a robust solution and as the original poster correctly pointed out, it ends up locking a legit user and the hacker then moves on to another account. In fact knowing that the account has been locked out further assists the hacker in learning that it actually is an active account. Often hackers attempt to use invalid accounts trying to guess one, but locking the account tips off the attacker and actually helps them build intelligence. Please build in a way to block IPs after 10, 20,30 authentication failures, this should have been thought of ages ago. IBM developers, please wake up !!