{"id":4874,"date":"2024-01-20T10:22:22","date_gmt":"2024-01-20T07:22:22","guid":{"rendered":"https:\/\/blog.inetmar.com\/?p=4874"},"modified":"2024-07-27T11:49:02","modified_gmt":"2024-07-27T08:49:02","slug":"wordpress-xmlrpc-php-saldirisi-nasil-onlenir","status":"publish","type":"post","link":"https:\/\/www.inetmar.com\/blog\/wordpress-xmlrpc-php-saldirisi-nasil-onlenir\/","title":{"rendered":"WordPress xmlrpc.php Sald\u0131r\u0131s\u0131 Nas\u0131l \u00d6nlenir?"},"content":{"rendered":"

WordPress xmlrpc.php Sald\u0131r\u0131s\u0131 Nas\u0131l \u00d6nlenir?
\nWordPress kullan\u0131c\u0131lar\u0131 i\u00e7in g\u00fcvenlik her zaman \u00f6nemli bir konudur. Bir\u00e7ok WordPress sitesi, xmlrpc.php dosyas\u0131 arac\u0131l\u0131\u011f\u0131yla yap\u0131lan sald\u0131r\u0131lara maruz kalabilir. Bug\u00fcn sizlerle payla\u015faca\u011f\u0131m\u0131z y\u00f6ntemler ile\u00a0 xmlrpc.php sald\u0131r\u0131s\u0131 nas\u0131l \u00f6nleyebilece\u011finizi \u00f6\u011freneceksiniz.<\/p>\n

xmlrpc.php Nedir?<\/h3>\n

xmlrpc.php, WordPress sitesinin farkl\u0131 hizmetler ve uygulamalar ile ileti\u015fim kurabilmesi i\u00e7in kullan\u0131lan bir dosyad\u0131r. Bu dosya, uzaktan eri\u015fim protokol\u00fc XML-RPC’yi kullanarak WordPress sitenize eri\u015fimi sa\u011flar. Bununla birlikte, xmlrpc.php dosyas\u0131 ayn\u0131 zamanda k\u00f6t\u00fc niyetli ki\u015filerin sitenize sald\u0131rmas\u0131na olanak tan\u0131yabilir.<\/p>\n

XML-RPC, farkl\u0131 platformlar ve cihazlar aras\u0131nda i\u00e7erik payla\u015f\u0131m\u0131, yazma, g\u00fcncelleme ve di\u011fer i\u015flevleri ger\u00e7ekle\u015ftirebilen bir protokold\u00fcr. Bununla birlikte, xmlrpc.php dosyas\u0131 k\u00f6t\u00fc niyetli kullan\u0131c\u0131lar\u0131n siteye otomatik sald\u0131r\u0131lar yapmas\u0131na neden olabilir.<\/p>\n

xmlrpc.php Sald\u0131r\u0131lar\u0131 Nas\u0131l Ger\u00e7ekle\u015fir?<\/h3>\n

xmlrpc.php sald\u0131r\u0131lar\u0131, genellikle Brute Force sald\u0131r\u0131lar\u0131 olarak bilinir. Bu sald\u0131r\u0131 t\u00fcr\u00fc, sald\u0131rgan\u0131n bir kullan\u0131c\u0131 ad\u0131 ve \u015fifre kombinasyonu listesini kullanarak siteye giri\u015f yapmaya \u00e7al\u0131\u015fmas\u0131d\u0131r. E\u011fer sitenizde zay\u0131f veya kolay tahmin edilebilen bir \u015fifre kullan\u0131yorsan\u0131z, sald\u0131rgan\u0131n ba\u015far\u0131l\u0131 olma ihtimali artar.<\/p>\n

Bunun yan\u0131 s\u0131ra, xmlrpc.php dosyas\u0131 sald\u0131rganlara, otomatik olarak i\u00e7erik eklemek, yorum yapmak veya site \u00fczerinde de\u011fi\u015fiklik yapmak gibi i\u015flemler ger\u00e7ekle\u015ftirme imkan\u0131 verir. Bu da sald\u0131rganlar\u0131n, sitenizde spam i\u00e7erik yaymas\u0131na veya siteyi \u00e7\u00f6km\u00fc\u015f gibi g\u00f6stermelerine olanak sa\u011flar.<\/p>\n

xmlrpc.php sald\u0131r\u0131lar\u0131n\u0131 \u00f6nlemek i\u00e7in a\u015fa\u011f\u0131daki ad\u0131mlar\u0131 takip edebilirsiniz:<\/strong><\/h3>\n\n\n\n\n\n\n\n
Ad\u0131m<\/th>\nA\u00e7\u0131klama<\/th>\n<\/tr>\n
1<\/td>\nG\u00fc\u00e7l\u00fc Bir \u015eifre Kullan\u0131n<\/td>\n<\/tr>\n
2<\/td>\nxmlrpc.php Dosyas\u0131n\u0131 Devre D\u0131\u015f\u0131 B\u0131rak\u0131n<\/td>\n<\/tr>\n
3<\/td>\nG\u00fcvenlik Eklentisi Kullan\u0131n<\/td>\n<\/tr>\n
4<\/td>\nIP Adresini Engelleme<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Xmlrpc.php’yi Devre D\u0131\u015f\u0131 B\u0131rakma:
\n<\/strong><\/h3>\n

Xmlrpc.php’yi tamamen devre d\u0131\u015f\u0131 b\u0131rakmak, en basit ve etkili \u00e7\u00f6z\u00fcmlerden biridir. Ancak, bu, baz\u0131 uzaktan y\u00f6netim ara\u00e7lar\u0131n\u0131n veya mobil uygulamalar\u0131n \u00e7al\u0131\u015fmas\u0131n\u0131 etkileyebilir. E\u011fer kullanm\u0131yorsan\u0131z veya ihtiya\u00e7 duymuyorsan\u0131z, bu dosyay\u0131 devre d\u0131\u015f\u0131 b\u0131rakabilirsiniz.<\/p>\n

\n
<\/div>\n
<Files xmlrpc.php>
\nOrder Allow,Deny
\nDeny from all
\n<\/Files>
\n<\/code><\/div>\n<\/div>\n

Yukar\u0131daki kodu .htaccess<\/strong> dosyan\u0131za ekleyerek xmlrpc.php<\/strong> dosyas\u0131na eri\u015fimi engelleyebilirsiniz.<\/p>\n

\u00a0G\u00fcvenlik Eklentileri Kullanma:<\/strong><\/h3>\n

WordPress i\u00e7in bir\u00e7ok g\u00fcvenlik eklentisi mevcuttur. Bu eklentiler, xmlrpc.php sald\u0131r\u0131lar\u0131na kar\u015f\u0131 koruma sa\u011flar. \u00d6rne\u011fin, Wordfence<\/strong> veya Sucuri<\/strong> gibi pop\u00fcler olan g\u00fcvenlik eklentilerini kullanarak sitenizi koruyabilirsiniz.<\/p>\n

\u00a0Xmlrpc.php \u0130\u00e7in IP Filtreleme:<\/strong><\/h3>\n

Xmlrpc.php’yi belirli IP adreslerine izin vermek veya engellemek i\u00e7in .htaccess dosyan\u0131zda a\u015fa\u011f\u0131daki gibi bir kod kullanabilirsiniz:<\/p>\n

\n
<\/div>\n
<Files xmlrpc.php>
\nOrder Deny,Allow
\nDeny from all
\nAllow from 192.168.1.1
\n<\/Files>
\n<\/code><\/div>\n<\/div>\n

Yukar\u0131daki \u00f6rnekte, 192.168.1.1 IP adresine sahip olanlara xmlrpc.php dosyas\u0131na eri\u015fim izni verilmi\u015ftir. Kendinize g\u00f6re IP adreslerini d\u00fczenleyebilirsiniz.<\/p>\n

xmlrpc.php Sald\u0131r\u0131s\u0131 Nas\u0131l Tespit Edilir?<\/h3>\n

xmlrpc.php sald\u0131r\u0131s\u0131 tespit etmek i\u00e7in sitenizin log dosyalar\u0131n\u0131 kontrol edebilirsiniz. Log dosyalar\u0131nda, xmlrpc.php adresine gelen istekleri kontrol ederek sald\u0131r\u0131 giri\u015fimlerini belirleyebilirsiniz. Ayr\u0131ca, yukar\u0131da \u00f6nermi\u015f oldu\u011fumuz g\u00fcvenlik eklentileri de sald\u0131r\u0131lar\u0131 tespit etmek i\u00e7in yararl\u0131d\u0131r.<\/p>\n

G\u00fcvenilir bir \u015fekilde ihtiyac\u0131n\u0131za uygun olan VPS sat\u0131n al<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

WordPress xmlrpc.php Sald\u0131r\u0131s\u0131 Nas\u0131l \u00d6nlenir? WordPress kullan\u0131c\u0131lar\u0131 i\u00e7in g\u00fcvenlik her zaman \u00f6nemli bir konudur. Bir\u00e7ok WordPress sitesi, xmlrpc.php dosyas\u0131 arac\u0131l\u0131\u011f\u0131yla yap\u0131lan sald\u0131r\u0131lara maruz kalabilir. Bug\u00fcn sizlerle payla\u015faca\u011f\u0131m\u0131z y\u00f6ntemler ile\u00a0 xmlrpc.php sald\u0131r\u0131s\u0131 nas\u0131l \u00f6nleyebilece\u011finizi \u00f6\u011freneceksiniz. xmlrpc.php...<\/p>\n","protected":false},"author":2,"featured_media":4894,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[],"class_list":["post-4874","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress"],"_links":{"self":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/4874","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/comments?post=4874"}],"version-history":[{"count":9,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/4874\/revisions"}],"predecessor-version":[{"id":9378,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/4874\/revisions\/9378"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media\/4894"}],"wp:attachment":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media?parent=4874"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/categories?post=4874"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/tags?post=4874"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}