{"id":2158,"date":"2025-11-19T20:54:19","date_gmt":"2025-11-19T17:54:19","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/siber-guvenlik-tehditlerinde-ddos-saldirilari-neden-yukseliyor\/"},"modified":"2025-11-19T20:54:19","modified_gmt":"2025-11-19T17:54:19","slug":"siber-guvenlik-tehditlerinde-ddos-saldirilari-neden-yukseliyor","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/siber-guvenlik-tehditlerinde-ddos-saldirilari-neden-yukseliyor\/","title":{"rendered":"Why Are DDoS Attacks on the Rise Among Cyber Security Threats?"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><p>DDoS attacks once seemed to be a problem only for big banks, global gaming companies and giant portals. Today, a mid-sized e-commerce site, a small team building a SaaS product, or a law firm with a corporate website can find itself in the same nightmare within a few minutes. Traffic suddenly balloons, CPU and bandwidth hit the ceiling, but behind this surge are not real users but coordinated attack botnets.<\/p>\n<p>At DCHost we see this change very clearly, both in our own infrastructure and in our customers' systems: DDoS attacks have increased markedly both in number and in sophistication. 
This article goes beyond repeating the \u201cwhat is DDoS\u201d basics; step by step, we will discuss why these attacks have returned to the top of the agenda, which types stand out, and what kind of defense architecture you need to build in practice. Our aim is not to scare you; it is to make the risks clear and, with an actionable roadmap, to strengthen your server, network and application against this wave.<\/p>\n<div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#DDoS_Saldirilari_Neden_Yeniden_Zirvede\"><span class=\"toc_number toc_depth_1\">1<\/span> Why Are DDoS Attacks Back at the Top?<\/a><\/li><li><a href=\"#DDoS_Saldirisi_Nedir_Kisaca_Ama_Dogru_Tanimlayalim\"><span class=\"toc_number toc_depth_1\">2<\/span> What Is a DDoS Attack? 
A Short but Accurate Definition<\/a><\/li><li><a href=\"#Guncel_DDoS_Trendleri_Neler_Degisti\"><span class=\"toc_number toc_depth_1\">3<\/span> Current DDoS Trends: What Has Changed?<\/a><ul><li><a href=\"#Daha_Kisa_Ama_Daha_Sik_Saldirilar\"><span class=\"toc_number toc_depth_2\">3.1<\/span> Shorter but More Frequent Attacks<\/a><\/li><li><a href=\"#Uygulama_Katmani_L7_DDoS_Saldirilari\"><span class=\"toc_number toc_depth_2\">3.2<\/span> Application Layer (L7) DDoS Attacks<\/a><\/li><li><a href=\"#Amplification_Yukseltme_ve_Yansitmali_Saldirilar\"><span class=\"toc_number toc_depth_2\">3.3<\/span> Amplification and Reflection Attacks<\/a><\/li><li><a href=\"#Fidye_DDoS_RDoS_ve_Rekabet_Kaynakli_Saldirilar\"><span class=\"toc_number toc_depth_2\">3.4<\/span> Ransom DDoS (RDoS) and Competitor-Driven Attacks<\/a><\/li><\/ul><\/li><li><a href=\"#DDoS_Saldirilarinin_Isinize_Gercek_Etkisi\"><span class=\"toc_number toc_depth_1\">4<\/span> The Real Impact of DDoS Attacks on Your Business<\/a><\/li><li><a href=\"#DDoS_Saldiri_Turleri_Hangi_Katman_Hangi_Risk\"><span class=\"toc_number toc_depth_1\">5<\/span> DDoS Attack Types: Which Layer, Which Risk?<\/a><ul><li><a href=\"#1_Ag_Katmani_L3_ve_Tasima_Katmani_L4_Saldirilari\"><span class=\"toc_number toc_depth_2\">5.1<\/span> 1. Network Layer (L3) and Transport Layer (L4) Attacks<\/a><\/li><li><a href=\"#2_Uygulama_Katmani_L7_DDoS_Saldirilari\"><span class=\"toc_number toc_depth_2\">5.2<\/span> 2. Application Layer (L7) DDoS Attacks<\/a><\/li><li><a href=\"#3_Kaynak_Tuketimi_ve_Karma_Saldirilar\"><span class=\"toc_number toc_depth_2\">5.3<\/span> 3. 
Resource Exhaustion and Hybrid Attacks<\/a><\/li><\/ul><\/li><li><a href=\"#Neden_Kucuk_ve_Orta_Olcekli_Projeler_Daha_Fazla_Hedef_Oluyor\"><span class=\"toc_number toc_depth_1\">6<\/span> Why Are Small and Medium-Sized Projects Targeted More Often?<\/a><\/li><li><a href=\"#DDoSa_Karsi_Cok_Katmanli_Savunma_Stratejisi\"><span class=\"toc_number toc_depth_1\">7<\/span> A Multi-Layered Defense Strategy Against DDoS<\/a><ul><li><a href=\"#1_Ag_Seviyesi_Koruma_Ilk_Darbe_Burada_Karsilanir\"><span class=\"toc_number toc_depth_2\">7.1<\/span> 1. Network-Level Protection: The First Blow Is Absorbed Here<\/a><\/li><li><a href=\"#2_Sunucu_Seviyesinde_Sertlestirme_Kapiyi_Tam_Kapatmadan_Guvenlik_Olmaz\"><span class=\"toc_number toc_depth_2\">7.2<\/span> 2. Server-Level Hardening: No Security Without Closing the Door Properly<\/a><\/li><li><a href=\"#3_Uygulama_Katmani_Korumasi_WAF_Bot_Korumasi_ve_Akilli_Rate_Limit\"><span class=\"toc_number toc_depth_2\">7.3<\/span> 3. Application Layer Protection: WAF, Bot Protection and Smart Rate Limiting<\/a><\/li><li><a href=\"#4_Mimarinin_Dayanikliligi_Tek_Noktadan_Kirilmayi_Onlemek\"><span class=\"toc_number toc_depth_2\">7.4<\/span> 4. Architectural Resilience: Avoiding a Single Point of Failure<\/a><\/li><li><a href=\"#5_Operasyonel_Hazirlik_Runbook_Test_ve_Iletisim\"><span class=\"toc_number toc_depth_2\">7.5<\/span> 5. 
Operational Readiness: Runbook, Testing and Communication<\/a><\/li><\/ul><\/li><li><a href=\"#DCHost_Tarafinda_DDoSa_Nasil_Bakiyoruz\"><span class=\"toc_number toc_depth_1\">8<\/span> How Do We Approach DDoS at DCHost?<\/a><\/li><li><a href=\"#Sonuc_DDoS_Saldirilari_Kalici_Cozum_Stratejik_Olmali\"><span class=\"toc_number toc_depth_1\">9<\/span> Conclusion: DDoS Attacks Are Here to Stay, the Solution Must Be Strategic<\/a><\/li><\/ul><\/div>\n<h2><span id=\"DDoS_Saldirilari_Neden_Yeniden_Zirvede\">Why Are DDoS Attacks Back at the Top?<\/span><\/h2>\n<p>We have already explained in detail that cyber security threats are increasing in general; if you are curious about the bigger picture, be sure to take a look at <a href='https:\/\/www.dchost.com\/blog\/siber-guvenlik-tehditlerinde-artis-abarti-mi-neden-bu-kadar-artti-ve-ne-yapabiliriz\/'>our guide explaining why the rise in cyber security threats is not an exaggeration<\/a>. DDoS has a special place in that picture, because unlike many other attack types, in DDoS <strong>the attacker's only criterion for success is taking you offline<\/strong>.<\/p>\n<p>A few key factors stand out in the rise of DDoS attacks:<\/p>\n<ul>\n<li><strong>Botnets becoming cheaper and rentable:<\/strong> When IoT devices (cameras, routers, smart devices) are poorly configured, they turn into massive botnet armies. 
These resources can now be rented on the underground market for very low fees.<\/li>\n<li><strong>Political and ideological motivation:<\/strong> DDoS waves against specific countries or brands increase during periods such as international tensions, social events or sporting events.<\/li>\n<li><strong>Competitive pressure and extortion:<\/strong> Some attacks arise directly to put competitors in a difficult position, or as \u201cransom DDoS\u201d scenarios (a demand for money to stop the attack).<\/li>\n<li><strong>Technical barriers being overcome:<\/strong> Attacks are no longer limited to L3\/L4 (network and transport layers); with L7 (application layer) attacks your web application can be targeted directly, which makes defense harder.<\/li>\n<\/ul>\n<p>This combination makes DDoS a risk that \u201ccannot be ignored\u201d for projects of almost every size today.<\/p>\n<h2><span id=\"DDoS_Saldirisi_Nedir_Kisaca_Ama_Dogru_Tanimlayalim\">What Is a DDoS Attack? A Short but Accurate Definition<\/span><\/h2>\n<p>DDoS (Distributed Denial of Service) means a distributed denial-of-service attack. 
Put simply: it aims to exhaust your service's resources (bandwidth, CPU, RAM, connection table, application threads) with fake or excessively heavy traffic coming from a large number of sources (botnets, compromised servers, malicious clients).<\/p>\n<p>The main goals of DDoS are:<\/p>\n<ul>\n<li>Making your website or API unreachable<\/li>\n<li>Overloading the capacity of your network devices (router, firewall, load balancer)<\/li>\n<li>Wearing down your database, cache or application servers<\/li>\n<li>In some cases, preparing the ground for other attacks (for example, a data leak) amid the chaos<\/li>\n<\/ul>\n<p>If you want to learn the DDoS concept at a more basic level, <a href='https:\/\/www.dchost.com\/blog\/ddos-nedir-web-sitenizi-ddos-saldirilarindan-nasil-korursunuz\/'>our guide on what DDoS is and how to protect your website<\/a> is a good starting reference. In this article, the focus is on current trends and practical defense strategies.<\/p>\n<h2><span id=\"Guncel_DDoS_Trendleri_Neler_Degisti\">Current DDoS Trends: What Has Changed?<\/span><\/h2>\n<p>The DDoS patterns we have observed at DCHost over the last few years have evolved away from the classic \u201cmassive traffic wave and hours of outage\u201d scenario. The prominent trends can be summarized as follows:<\/p>\n<h3><span id=\"Daha_Kisa_Ama_Daha_Sik_Saldirilar\">Shorter but More Frequent Attacks<\/span><\/h3>\n<p>Previously, the goal was to cause outages lasting hours or even days. 
Now we see \u201cpulse\u201d attacks that last 5\u201315 minutes but are repeated throughout the day. The aims:<\/p>\n<ul>\n<li>Degrading the user experience and damaging reputation through short outages<\/li>\n<li>Wearing out operations teams by keeping them constantly on alert<\/li>\n<li>Testing the limits of monitoring systems and auto-scaling mechanisms<\/li>\n<\/ul>\n<h3><span id=\"Uygulama_Katmani_L7_DDoS_Saldirilari\">Application Layer (L7) DDoS Attacks<\/span><\/h3>\n<p>Classic DDoS mostly loads the network and transport layers (L3\/L4): SYN flood, UDP flood, ICMP flood and the like. Modern attacks instead target the application layer directly over HTTP\/HTTPS requests, with traffic that looks as if it came from real users:<\/p>\n<ul>\n<li>At the network level, traffic looks \u201cnormal\u201d, but application CPU usage and database queries spike.<\/li>\n<li>Bots imitate real browser behavior and can even execute JavaScript.<\/li>\n<li>Measures such as CAPTCHA and simple rate limiting can be insufficient on their own.<\/li>\n<\/ul>\n<p>That is why <a href='https:\/\/www.dchost.com\/blog\/waf-ve-bot-korumasi-cloudflare-modsecurity-ve-fail2bani-ayni-masada-baristirmanin-sicacik-hikayesi\/'>deploying WAF and bot protection together<\/a> is now an integral part of modern DDoS defense.<\/p>\n<h3><span id=\"Amplification_Yukseltme_ve_Yansitmali_Saldirilar\">Amplification and Reflection Attacks<\/span><\/h3>\n<p>By exploiting weaknesses in protocols such as DNS, NTP and Memcached, a small request is made to produce a very 
large response. The attacker sets this up so that these responses are reflected to your IP:<\/p>\n<ul>\n<li>The attack traffic appears to come not from IPs belonging to the attacker but from innocent third-party systems.<\/li>\n<li>Even attacks of a few Gbit\/s can reach the 100 Gbit\/s level with multipliers of 1:50, 1:100.<\/li>\n<\/ul>\n<p>In this type of attack, upstream-level measures are essential to protect not only your own infrastructure but also neighboring networks and data centers.<\/p>\n<h3><span id=\"Fidye_DDoS_RDoS_ve_Rekabet_Kaynakli_Saldirilar\">Ransom DDoS (RDoS) and Competitor-Driven Attacks<\/span><\/h3>\n<p>Especially in the e-commerce and gaming sectors, encountering messages like \u201cwe will stop the attack, but pay this much in crypto\u201d is unfortunately no longer surprising. In some cases, direct commercial competitors may be behind the attack. What is critical here is both strengthening the technical defense and clarifying in advance how you will act during an incident (log collection, legal process, communication plan).<\/p>\n<h2><span id=\"DDoS_Saldirilarinin_Isinize_Gercek_Etkisi\">The Real Impact of DDoS Attacks on Your Business<\/span><\/h2>\n<p>Reading DDoS merely as \u201cthe site did not load for a few minutes, then it recovered\u201d means underestimating the cost side of the matter. 
It is more useful to think through, item by item, the effects we see in the field at DCHost:<\/p>\n<ul>\n<li><strong>Direct revenue loss:<\/strong> Especially during high-volume campaign periods, even an outage of a few minutes can turn into a serious loss of revenue.<\/li>\n<li><strong>Brand trust and reputation:<\/strong> An image in users' eyes that the site or application \u201ccrashes often\u201d leaves damage that is hard to undo in the long run.<\/li>\n<li><strong>Operational cost:<\/strong> Teams working outside business hours during a crisis, the need for constant intervention, management attention and so on are all invisible but real costs.<\/li>\n<li><strong>SEO and visibility:<\/strong> Persistent availability problems can negatively affect search engine crawling and rankings.<\/li>\n<li><strong>Infrastructure costs:<\/strong> Unplanned scaling done in a panic can lead to misallocated resources and unnecessary spending.<\/li>\n<\/ul>\n<p>You may have weathered the attack in the short term, but in the long term the sum of these effects can seriously slow the growth of your project. 
That is why DDoS needs to be treated not only as a security matter but as <strong>a business continuity and capacity planning issue<\/strong>.<\/p>\n<h2><span id=\"DDoS_Saldiri_Turleri_Hangi_Katman_Hangi_Risk\">DDoS Attack Types: Which Layer, Which Risk?<\/span><\/h2>\n<p>For effective defense, it is essential to understand which type of attack targets which point of the network and the application. We can roughly think of DDoS attacks in three layers:<\/p>\n<h3><span id=\"1_Ag_Katmani_L3_ve_Tasima_Katmani_L4_Saldirilari\">1. Network Layer (L3) and Transport Layer (L4) Attacks<\/span><\/h3>\n<p>Attacks in this class put pressure directly at the IP level and on the connection table:<\/p>\n<ul>\n<li><strong>SYN Flood:<\/strong> Fills the server's connection table by piling up \u201chalf-open\u201d connections during TCP connection setup.<\/li>\n<li><strong>UDP Flood:<\/strong> Sends uncontrolled traffic to your UDP-based services (DNS, VoIP, game servers, etc.).<\/li>\n<li><strong>ICMP Flood:<\/strong> Aims to consume bandwidth with ping and similar ICMP packets.<\/li>\n<li><strong>Amplification \/ Reflection:<\/strong> Fills connection capacity with amplified traffic over protocols such as DNS, NTP and SSDP.<\/li>\n<\/ul>\n<p>The most effective solutions against this type of attack are generally <strong>network-level filtering, rate limiting and upstream protection<\/strong>. 
At the server level, <a href='https:\/\/www.dchost.com\/blog\/nftables-ile-vps-guvenlik-duvari-rehberi-rate-limit-port-knocking-ve-ipv6-kurallari-nasil-tatli-tatli-kurulur\/'>correctly configuring modern firewall solutions such as nftables<\/a> provides a strong foundation.<\/p>\n<h3><span id=\"2_Uygulama_Katmani_L7_DDoS_Saldirilari\">2. Application Layer (L7) DDoS Attacks<\/span><\/h3>\n<p>In these attacks, the goal is to consume server resources directly over HTTP(S) or another application protocol:<\/p>\n<ul>\n<li><strong>HTTP Flood:<\/strong> Wears down your PHP\/Node.js\/Java application and your database with requests that closely resemble real user traffic but come in high volume.<\/li>\n<li><strong>Slow request attacks (Slowloris, etc.):<\/strong> Fill the web server's connection slots by sending requests very slowly and keeping connections open.<\/li>\n<li><strong>Targeting specific endpoints:<\/strong> Locks up the whole system by targeting particular API endpoints or report pages that run heavy queries in the background.<\/li>\n<\/ul>\n<p>At this point classic network firewalls are not enough on their own; <strong>WAF, smart rate limiting, bot detection and cache strategies<\/strong> have to come into play. For detailed WAF rule sets and bot protection, the guide we linked a moment ago is quite practical, with hands-on configuration examples.<\/p>\n<h3><span id=\"3_Kaynak_Tuketimi_ve_Karma_Saldirilar\">3. Resource Exhaustion and Hybrid Attacks<\/span><\/h3>\n<p>Modern DDoS campaigns often do not stick to a single technique. 
First they keep your network devices busy with a large L3\/L4 flood while simultaneously launching an HTTP flood at L7 to squeeze the application and database behind them. That is why defense also has to be layered: the network, server, application and architecture levels must be considered together.<\/p>\n<h2><span id=\"Neden_Kucuk_ve_Orta_Olcekli_Projeler_Daha_Fazla_Hedef_Oluyor\">Why Are Small and Medium-Sized Projects Targeted More Often?<\/span><\/h2>\n<p>Large organizations have been investing against DDoS for years: dedicated network teams, globally distributed infrastructures, expensive commercial solutions\u2026 Attackers naturally look for the \u201cweak links\u201d. This is why SMEs, niche SaaS products and mid-sized e-commerce sites fall right in the middle of the radar.<\/p>\n<p>The common points we see at DCHost are:<\/p>\n<ul>\n<li><strong>Low-budget or unplanned infrastructure:<\/strong> The necessary bandwidth, firewall rules, monitoring and redundancy are often an afterthought.<\/li>\n<li><strong>Reactive security approach:<\/strong> The question \u201cCould it really happen to us?\u201d usually remains valid until the first serious attack.<\/li>\n<li><strong>Insufficient logging and observability:<\/strong> Because there is not enough data about what happened during the attack, the right lessons cannot be drawn.<\/li>\n<\/ul>\n<p>What is critical here is to stop seeing DDoS as \u201conly the problem of the very big\u201d 
and to think about it together with topics such as capacity planning, backups and DNS strategy. Our blog already has <a href='https:\/\/www.dchost.com\/blog\/ddos-saldirilari-ve-korunma-yontemleri\/'>a guide that explains DDoS attacks and protection methods from a more technical angle<\/a>; this article aims to place that information in a more strategic framework.<\/p>\n<h2><span id=\"DDoSa_Karsi_Cok_Katmanli_Savunma_Stratejisi\">A Multi-Layered Defense Strategy Against DDoS<\/span><\/h2>\n<p>No single product, single setting or single firewall rule will \u201ccompletely solve\u201d the DDoS problem. The realistic approach is to build <strong>a multi-layered defense architecture<\/strong> and clarify the role of each layer.<\/p>\n<h3><span id=\"1_Ag_Seviyesi_Koruma_Ilk_Darbe_Burada_Karsilanir\">1. Network-Level Protection: The First Blow Is Absorbed Here<\/span><\/h3>\n<p>A significant part of a DDoS wave should be filtered at the network layer before it reaches the application. 
The topics to consider here:<\/p>\n<ul>\n<li><strong>Well-targeted firewall rules:<\/strong> Close the ports you do not use, use an IP whitelist for critical services, and apply rate limiting where needed.<\/li>\n<li><strong>nftables \/ iptables tuning:<\/strong> <a href='https:\/\/www.dchost.com\/blog\/nftables-ile-vps-guvenlik-duvari-rehberi-rate-limit-port-knocking-ve-ipv6-kurallari-nasil-tatli-tatli-kurulur\/'>Correctly setting up rate limiting, connection tracking rules and IPv6 rules with nftables<\/a> can stop a significant portion of L3\/L4 attacks before they consume server resources.<\/li>\n<li><strong>Bandwidth planning:<\/strong> Define a \u201cburst\u201d margin slightly above your normal traffic level; but you do not want a completely unprotected, unlimited pipe either. What matters is having the metrics and alerts that will detect an abnormal increase.<\/li>\n<li><strong>Anycast DNS and failover:<\/strong> If your DNS is at a single point, the failure of that point affects all your domain names. The guide in which we explain <a href='https:\/\/www.dchost.com\/blog\/hic-kesilmeden-yayinda-kalmak-mumkun-mu-anycast-dns-ve-otomatik-failover-ile-nasil-saglanir\/'>staying online without interruption using Anycast DNS and automatic failover<\/a> will help you build a DDoS-resistant DNS layer.<\/li>\n<\/ul>\n<h3><span id=\"2_Sunucu_Seviyesinde_Sertlestirme_Kapiyi_Tam_Kapatmadan_Guvenlik_Olmaz\">2. 
Server-Level Hardening: No Security Without Closing the Door Properly<\/span><\/h3>\n<p>Traffic that has passed through network-level filtering can still behave aggressively when it reaches your server. Therefore:<\/p>\n<ul>\n<li><strong>Kernel and TCP settings:<\/strong> Settings such as the SYN backlog, connection tracking limits and timeout values determine how well you will withstand attacks such as SYN floods.<\/li>\n<li><strong>Resource limits (ulimit, systemd):<\/strong> Defining reasonable resource limits for each process and user prevents a service that gets out of control from bringing down the whole system.<\/li>\n<li><strong>Logging and monitoring:<\/strong> Being able to clearly see metrics such as CPU, load average, network I\/O and connection counts during a DDoS lets you choose the right actions.<\/li>\n<\/ul>\n<p>Our blog already covers topics such as TCP tuning, firewall configuration and log management in detail; these \u201cbuilding blocks\u201d play a critical role in DDoS defense as well.<\/p>\n<h3><span id=\"3_Uygulama_Katmani_Korumasi_WAF_Bot_Korumasi_ve_Akilli_Rate_Limit\">3. Application Layer Protection: WAF, Bot Protection and Smart Rate Limiting<\/span><\/h3>\n<p>In L7 DDoS attacks, the battlefield is directly your web server, your application framework (WordPress, Laravel, Node.js, etc.) and your database. 
Points to pay attention to here:<\/p>\n<ul>\n<li><strong>WAF (Web Application Firewall):<\/strong> Beyond blocking classic web attacks such as SQL injection and XSS, a WAF capable of recognizing and dropping abnormal request patterns can filter out a significant part of L7 DDoS.<\/li>\n<li><strong>Bot detection:<\/strong> With techniques such as behavioral analysis, browser fingerprinting and JavaScript verification, it is possible to distinguish a real user from an attack bot.<\/li>\n<li><strong>Smart rate limiting:<\/strong> A per-second request limit per IP is not enough; finer-grained limits need to be designed according to user type, endpoint type (API vs HTML) and HTTP method.<\/li>\n<li><strong>Cache strategy:<\/strong> Caching static and semi-static pages in particular at the front-end layer significantly reduces back-end load during a DDoS.<\/li>\n<\/ul>\n<p>We covered most of these topics with real-world examples in the guide explaining how to deploy WAF and bot protection together; it will be useful to draw inspiration from it when designing your DDoS defense layer.<\/p>\n<h3><span id=\"4_Mimarinin_Dayanikliligi_Tek_Noktadan_Kirilmayi_Onlemek\">4. Architectural Resilience: Avoiding a Single Point of Failure<\/span><\/h3>\n<p>No matter how well you set up your firewall and WAF, if your whole system depends on a single server or a single data center location, you remain fragile against DDoS. 
What to consider in your architecture:<\/p>\n<ul>\n<li><strong>Horizontal scaling:<\/strong> Design your application so that it can be spread across multiple <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a> instances or physical servers when needed.<\/li>\n<li><strong>Load balancer:<\/strong> Use a layer that distributes traffic across multiple backends and supports health checks and failover.<\/li>\n<li><strong>Multi-region scenarios:<\/strong> For critical projects, set up redundant serving points in more than one data center, or at least in different network segments.<\/li>\n<li><strong>Cache and CDN usage:<\/strong> Move static content as far from the origin server as possible, so that the load on your main server decreases during a DDoS.<\/li>\n<\/ul>\n<p>Architectural decisions of this kind bring significant gains not only against DDoS but also against hardware failures, network outages and software bugs.<\/p>\n<h3><span id=\"5_Operasyonel_Hazirlik_Runbook_Test_ve_Iletisim\">5. Operational Readiness: Runbook, Testing and Communication<\/span><\/h3>\n<p>The most neglected part of DDoS defense is \u201cwho does what, and when\u201d. Operational readiness is as critical as the technical measures:<\/p>\n<ul>\n<li><strong>Incident response runbook:<\/strong> When a DDoS is detected, who is notified, which steps are applied in order, which metrics are checked, who has authority? 
Put these in writing in advance.<\/li>\n<li><strong>Testing and drills:<\/strong> Test your defense chain at regular intervals with traffic simulations or controlled load tests.<\/li>\n<li><strong>Customer communication:<\/strong> In e-commerce, SaaS or corporate projects, informing users accurately and promptly when outages or partial availability problems occur is as important for reputation as the technical solutions.<\/li>\n<\/ul>\n<p>The guides we have written on disaster recovery, backups and business continuity also play a complementary role here. Thinking of DDoS not just as a \u201cmomentary attack\u201d but as <strong>part of continuity management<\/strong> will mature your approach.<\/p>\n<h2><span id=\"DCHost_Tarafinda_DDoSa_Nasil_Bakiyoruz\">How Do We Approach DDoS at DCHost?<\/span><\/h2>\n<p>As the DCHost team, we do not like to present DDoS as a magic problem that can be solved by pressing a single button. 
Solutions that work in the real world have to be tailored to each customer's traffic, business model and risk appetite.<\/p>\n<p>In summary, our approach is:<\/p>\n<ul>\n<li>Designing the network and firewall layers at the infrastructure level to withstand a DDoS wave<\/li>\n<li>Preparing rule sets and monitoring metrics customized to attack patterns for our VPS, dedicated and colocation customers<\/li>\n<li>Providing consultancy on WAF\/bot protection, caching and scaling strategies at the application layer<\/li>\n<li>Continuously improving the defense chain through transparent communication and clear logging during an incident, followed by a joint <strong>post-mortem<\/strong><\/li>\n<\/ul>\n<p>In addition, rather than focusing only on DDoS, we operate within an end-to-end cyber security framework, from domain name security to DNSSEC, and from HTTP security headers to e-mail security. For example, to make your domain name more secure, <a href='https:\/\/www.dchost.com\/blog\/alan-adi-guvenligi-rehberi-registrar-lock-dnssec-whois-gizliligi-ve-2fa\/'>our domain name security guide<\/a> will help you strengthen the DNS and domain side.<\/p>\n<h2><span id=\"Sonuc_DDoS_Saldirilari_Kalici_Cozum_Stratejik_Olmali\">Conclusion: DDoS Attacks Are Here to Stay, the Solution Must Be Strategic<\/span><\/h2>\n<p>Unfortunately, DDoS attacks will not disappear; on the contrary, they will keep coming at us in more sophisticated forms. 
The good news is that with the right architecture, a properly configured network and server layer, smart WAF\/bot protection and a clear operational plan, you can turn these attacks from a \u201cdisaster\u201d that threatens your business continuity into a manageable risk.<\/p>\n<p>If you already have a project that receives heavy traffic, or if your growth plans include steps such as advertising campaigns, influencer collaborations or launches in new countries, it is time to think of DDoS as a natural part of your capacity planning. If you would like to talk about how to strengthen your infrastructure against DDoS, which measures to take at which layer, or how we can optimize your existing DCHost services within this framework, our team is always reachable.<\/p>\n<p>To grow your projects without interruption and to act calmly and according to plan instead of panicking during an attack, it is enough to start today with small steps. As DCHost, we are glad to be at your side on this journey, on both the infrastructure and the knowledge side.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>There was a time when DDoS attacks seemed to be a concern only for big banks, global gaming companies and giant portals.
Today, a mid-sized e-commerce site, a small team building a SaaS product or a law firm with a corporate showcase site can find itself in the same nightmare within minutes. Traffic suddenly swells, CPU and bandwidth hit the ceiling, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2159,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33,30,26],"tags":[],"class_list":["post-2158","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nasil-yapilir","category-nedir","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/2158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=2158"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/2158\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/2159"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=2158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=2158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=2158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}