{"id":2821,"date":"2025-12-03T23:29:30","date_gmt":"2025-12-03T20:29:30","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/yeni-acilan-web-siteleri-icin-hosting-guvenlik-check-listi-ilk-gunden-yapilmasi-gereken-20-ayar\/"},"modified":"2025-12-03T23:29:30","modified_gmt":"2025-12-03T20:29:30","slug":"yeni-acilan-web-siteleri-icin-hosting-guvenlik-check-listi-ilk-gunden-yapilmasi-gereken-20-ayar","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/yeni-acilan-web-siteleri-icin-hosting-guvenlik-check-listi-ilk-gunden-yapilmasi-gereken-20-ayar\/","title":{"rendered":"Hosting Security Checklist for Newly Launched Websites: 20 Settings to Configure from Day One"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#Yeni_Web_Siteniz_Icin_Guvenlik_Neden_Ilk_Gunden_Baslamali\"><span class=\"toc_number toc_depth_1\">1<\/span> Why Should Security for Your New Website Start on Day One?<\/a><\/li><li><a href=\"#1_Katman_Kimlik_ve_Erisim_Guvenligi\"><span class=\"toc_number toc_depth_1\">2<\/span> Layer 1: Identity and Access Security<\/a><ul><li><a href=\"#1_Hosting_ve_Musteri_Paneline_Iki_Asamali_Dogrulama_2FA_Kurun\"><span class=\"toc_number toc_depth_2\">2.1<\/span> 1. Set Up Two-Factor Authentication (2FA) on the Hosting and Customer Panel<\/a><\/li><li><a href=\"#2_Tum_Hesaplar_Icin_Benzersiz_ve_Guclu_Sifre_Politikasi\"><span class=\"toc_number toc_depth_2\">2.2<\/span> 2. A Unique and Strong Password Policy for All Accounts<\/a><\/li><li><a href=\"#3_SSH_Erisiminde_Sifreyi_Kapatin_Anahtar_Tabanli_Giris_Kullanin_VPSDedicated\"><span class=\"toc_number toc_depth_2\">2.3<\/span> 3. 
Disable Passwords for SSH Access, Use Key-Based Login (VPS\/Dedicated)<\/a><\/li><li><a href=\"#4_Kontrol_Paneli_cPanelPleskDirectAdmin_Kullanicilarini_Ayristirin\"><span class=\"toc_number toc_depth_2\">2.4<\/span> 4. Separate Control Panel (cPanel\/Plesk\/DirectAdmin) Users<\/a><\/li><\/ul><\/li><li><a href=\"#2_Katman_Ag_ve_Sunucu_Yuzeyi_Guvenligi\"><span class=\"toc_number toc_depth_1\">3<\/span> Layer 2: Network and Server Surface Security<\/a><ul><li><a href=\"#5_Guvenlik_Duvari_Firewall_Kurallarini_Ilk_Gunden_Daraltin\"><span class=\"toc_number toc_depth_2\">3.1<\/span> 5. Tighten Firewall Rules from Day One<\/a><\/li><li><a href=\"#6_Fail2ban_veya_Benzeri_BruteForce_Korumasi_Kullanin_VPSDedicated\"><span class=\"toc_number toc_depth_2\">3.2<\/span> 6. Use Fail2ban or Similar Brute\u2011Force Protection (VPS\/Dedicated)<\/a><\/li><li><a href=\"#7_Isletim_Sistemi_ve_Panel_Guncellemelerini_Otomatiklestirin\"><span class=\"toc_number toc_depth_2\">3.3<\/span> 7. Automate Operating System and Panel Updates<\/a><\/li><li><a href=\"#8_Sunucu_Zamanini_ve_NTP_Senkronizasyonunu_Dogru_Kurun\"><span class=\"toc_number toc_depth_2\">3.4<\/span> 8. Set Up Server Time and NTP Synchronization Correctly<\/a><\/li><\/ul><\/li><li><a href=\"#3_Katman_HTTPS_Tarayici_Guvenligi_ve_WAF\"><span class=\"toc_number toc_depth_1\">4<\/span> Layer 3: HTTPS, Browser Security and WAF<\/a><ul><li><a href=\"#9_SSLTLS_Sertifikasini_Kurun_ve_HTTP_HTTPS_Zorlamasini_Yapin\"><span class=\"toc_number toc_depth_2\">4.1<\/span> 9. 
Install the SSL\/TLS Certificate and Force HTTP \u2192 HTTPS<\/a><\/li><li><a href=\"#10_HTTP_Guvenlik_Basliklarini_Security_Headers_Uygulayin\"><span class=\"toc_number toc_depth_2\">4.2<\/span> 10. Apply HTTP Security Headers<\/a><\/li><li><a href=\"#11_Yonetim_Panellerini_IP_Kisitlama_veya_mTLS_ile_Koruyun\"><span class=\"toc_number toc_depth_2\">4.3<\/span> 11. Protect Admin Panels with IP Restriction or mTLS<\/a><\/li><li><a href=\"#12_WAF_Web_Application_Firewall_ile_Uygulama_Katmanini_Filtreleyin\"><span class=\"toc_number toc_depth_2\">4.4<\/span> 12. Filter the Application Layer with a WAF (Web Application Firewall)<\/a><\/li><\/ul><\/li><li><a href=\"#4_Katman_Uygulama_Dosya_Izinleri_ve_Yedekleme\"><span class=\"toc_number toc_depth_1\">5<\/span> Layer 4: Application, File Permissions and Backups<\/a><ul><li><a href=\"#13_Dosya_ve_Dizin_Izinlerini_Sertlestirin\"><span class=\"toc_number toc_depth_2\">5.1<\/span> 13. Harden File and Directory Permissions<\/a><\/li><li><a href=\"#14_Varsayilan_Admin_Kullanici_Adi_ve_URLlerini_Degistirin\"><span class=\"toc_number toc_depth_2\">5.2<\/span> 14. Change the Default Admin Username and URLs<\/a><\/li><li><a href=\"#15_Otomatik_Yedekleme_ve_321_Stratejisini_Ilk_Gunden_Kurun\"><span class=\"toc_number toc_depth_2\">5.3<\/span> 15. Set Up Automatic Backups and the 3\u20112\u20111 Strategy from Day One<\/a><\/li><li><a href=\"#16_Yedekten_Geri_Donus_Testini_Ertelemeden_Yapin\"><span class=\"toc_number toc_depth_2\">5.4<\/span> 16. Run a Restore-from-Backup Test Without Delay<\/a><\/li><\/ul><\/li><li><a href=\"#5_Katman_DNS_Alan_Adi_ve_Eposta_Guvenligi\"><span class=\"toc_number toc_depth_1\">6<\/span> 
Layer 5: DNS, Domain and E\u2011mail Security<\/a><ul><li><a href=\"#17_DNS_Kayitlarinizi_Minimum_Yetki_Ilkesiyle_Tasarlayin\"><span class=\"toc_number toc_depth_2\">6.1<\/span> 17. Design Your DNS Records on the Principle of Least Privilege<\/a><\/li><li><a href=\"#18_Alan_Adinizi_Kilitleyin_DNSSEC_ve_Registrar_Lock_Kullanin\"><span class=\"toc_number toc_depth_2\">6.2<\/span> 18. Lock Your Domain, Use DNSSEC and Registrar Lock<\/a><\/li><li><a href=\"#19_SPF_DKIM_DMARC_ile_Eposta_Kimlik_Dogrulamasini_Kurun\"><span class=\"toc_number toc_depth_2\">6.3<\/span> 19. Set Up E\u2011mail Authentication with SPF, DKIM and DMARC<\/a><\/li><li><a href=\"#20_Eposta_Girisleri_Icin_de_2FA_ve_Guclu_Sifre_Zorunlu_Olsun\"><span class=\"toc_number toc_depth_2\">6.4<\/span> 20. Require 2FA and Strong Passwords for E\u2011mail Logins Too<\/a><\/li><\/ul><\/li><li><a href=\"#Ozet_Guvenligi_Sonraya_Birakirsaniz_Maliyeti_Katlanarak_Artar\"><span class=\"toc_number toc_depth_1\">7<\/span> Summary: If You Postpone Security, Its Cost Multiplies<\/a><\/li><\/ul><\/div>\n<h2><span id=\"Yeni_Web_Siteniz_Icin_Guvenlik_Neden_Ilk_Gunden_Baslamali\">Why Should Security for Your New Website Start on Day One?<\/span><\/h2>\n<p>When launching a new website, everyone focuses on design, speed and SEO settings. Security is usually a topic that gets postponed with \u201cwe\u2019ll look at it later\u201d. And then what happens? 
One day a warning that \u201cyour site is distributing malware\u201d lands in your inbox, browsers flag your site as <strong>\u201cNot secure\u201d<\/strong>, and your visibility in search results drops. What all these problems have in common is that the right hosting security settings were not made from day one.<\/p>\n<p>A significant share of the cases we see at DCHost are problems that a simple security checklist could have prevented from the start. That is exactly what we will do in this article: step by step, we will list <strong>the 20 critical hosting security settings that should be applied from day one<\/strong> for a newly launched website. It does not matter whether you use <a href=\"https:\/\/www.dchost.com\/tr\/web-hosting\">shared hosting<\/a>, a <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a> or a <a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated server<\/a>; for each item I will specifically point out what you need to do in which scenario. 
Our goal is to leave you not with complex theory but with <strong>an actionable, verifiable security checklist<\/strong>.<\/p>\n<p>If you have not yet taken the basic DNS and SSL steps after registering your domain, I strongly recommend reading <a href=\"https:\/\/www.dchost.com\/blog\/yeni-alan-adi-aldiktan-sonra-ilk-30-gun-icin-dns-ssl-e%e2%80%91posta-ve-seo-kontrol-listesi\/\">our 30-day DNS, SSL and e\u2011mail checklist for a new domain<\/a> alongside this article.<\/p>\n<h2><span id=\"1_Katman_Kimlik_ve_Erisim_Guvenligi\">Layer 1: Identity and Access Security<\/span><\/h2>\n<h3><span id=\"1_Hosting_ve_Musteri_Paneline_Iki_Asamali_Dogrulama_2FA_Kurun\">1. Set Up Two-Factor Authentication (2FA) on the Hosting and Customer Panel<\/span><\/h3>\n<p>One of the most critical weak points of every newly launched site is the hosting and customer panel logins. 
Someone who takes over access to these can manage your site, your DNS records, your e\u2011mail accounts and even your invoices.<\/p>\n<p>What you need to do from day one:<\/p>\n<ul>\n<li>Log in to your DCHost customer panel and enable <strong>two-factor authentication (2FA)<\/strong>.<\/li>\n<li>Prefer time-based code generation with Google Authenticator, Authy or a similar app; SMS should, if possible, be only a <strong>backup<\/strong> method.<\/li>\n<li>Store your backup recovery codes in a safe place (your password manager, an offline note).<\/li>\n<\/ul>\n<p>This step alone shuts down a large share of stolen-password scenarios before they even begin.<\/p>\n<h3><span id=\"2_Tum_Hesaplar_Icin_Benzersiz_ve_Guclu_Sifre_Politikasi\">2. A Unique and Strong Password Policy for All Accounts<\/span><\/h3>\n<p>The most common mistake we see in new site setups is the use of the same or similar passwords everywhere. 
In particular, critical logins such as \u201cdomain panel + hosting panel + WordPress admin\u201d sharing the same password is a serious risk.<\/p>\n<p>Points to watch:<\/p>\n<ul>\n<li>Use a <strong>unique<\/strong> password for every critical account (registrar, DCHost account, cPanel\/Plesk, CMS admin, database).<\/li>\n<li>Set the password length to at least 14 characters with high complexity (upper\/lower case letters, digits, symbols).<\/li>\n<li>Always store passwords in a <strong>password manager<\/strong>; do not rely on the browser\u2019s autosave alone.<\/li>\n<li>Give agencies, freelancers or outside developers a temporary account, and <strong>delete it when the work is done<\/strong> or change the password.<\/li>\n<\/ul>\n<h3><span id=\"3_SSH_Erisiminde_Sifreyi_Kapatin_Anahtar_Tabanli_Giris_Kullanin_VPSDedicated\">3. Disable Passwords for SSH Access, Use Key-Based Login (VPS\/Dedicated)<\/span><\/h3>\n<p>If you host your site on a <strong>VPS<\/strong> or <strong>dedicated server<\/strong> rather than shared hosting, SSH access is critically important. 
An SSH port left open in its default state, with only username\/password login, is the number one target of brute\u2011force attacks.<\/p>\n<p>Plan the following steps from day one:<\/p>\n<ul>\n<li>Set up <strong>key-based authentication<\/strong> (public\/private key) for SSH.<\/li>\n<li>Disable direct root login by setting <code>PermitRootLogin<\/code> to <code>no<\/code>.<\/li>\n<li>Changing the SSH port is not a security solution on its own, but it reduces log noise.<\/li>\n<li>If possible, allow SSH access only from specific IPs.<\/li>\n<\/ul>\n<p>If you want to set this up in more depth, be sure to take a look at our guide on <a href=\"https:\/\/www.dchost.com\/blog\/vpste-ssh-guvenligi-nasil-saglamlasir-fido2-anahtarlari-ssh-ca-ve-rotasyonun-sicak-bir-yolculugu\/\">SSH security on a VPS and FIDO2 keys<\/a>.<\/p>\n<h3><span id=\"4_Kontrol_Paneli_cPanelPleskDirectAdmin_Kullanicilarini_Ayristirin\">4. Separate Control Panel (cPanel\/Plesk\/DirectAdmin) Users<\/span><\/h3>\n<p>Another risk we often see with newly launched sites is hosting multiple sites under a single hosting account with the <strong>same user<\/strong>. 
Especially for agencies and freelancers, this means that if one site is hacked, the others are affected too.<\/p>\n<p>What you need to do:<\/p>\n<ul>\n<li>If possible, open <strong>a separate hosting account for each project<\/strong>, or at least a separate user\/account.<\/li>\n<li>Define FTP\/SFTP users per site; do not use a single user with access to the entire file system.<\/li>\n<li>For people you will grant temporary access, create a separate user and delete it when the work is done.<\/li>\n<\/ul>\n<p>If you want a more technical look at this for cPanel specifically, our article <a href=\"https:\/\/www.dchost.com\/blog\/cpanelde-addon-domain-mi-ayri-hesap-mi-dogru-secimi-teknik-sekilde-netlestirelim\/\">\u201cAddon Domain or Separate Account in cPanel?\u201d<\/a> examines exactly this dilemma in detail.<\/p>\n<h2><span id=\"2_Katman_Ag_ve_Sunucu_Yuzeyi_Guvenligi\">Layer 2: Network and Server Surface Security<\/span><\/h2>\n<h3><span id=\"5_Guvenlik_Duvari_Firewall_Kurallarini_Ilk_Gunden_Daraltin\">5. Tighten Firewall Rules from Day One<\/span><\/h3>\n<p>Whether your server is shared, VPS or dedicated, the principle is the same: <strong>No port that does not need to be open should remain open.<\/strong> In the VPS\/dedicated scenario in particular, this control is yours.<\/p>\n<p>Recommended basic approach:<\/p>\n<ul>\n<li>Open only ports 80 (HTTP) and 443 (HTTPS) to the outside world.<\/li>\n<li>SSH (e.g. 
22 or a custom port) should be open only to your IP or a limited IP range.<\/li>\n<li>For panel ports (cPanel, Plesk, phpMyAdmin etc.), apply <strong>IP restriction<\/strong> if possible.<\/li>\n<li>Identify and shut down unnecessary services running on the server.<\/li>\n<\/ul>\n<p>If you want a more fundamental look at the firewall concept, you can also read our article <a href=\"https:\/\/www.dchost.com\/blog\/guvenlik-duvari-firewall-nedir-ve-neden-onemlidir\/\">what a firewall is and why it matters<\/a>.<\/p>\n<h3><span id=\"6_Fail2ban_veya_Benzeri_BruteForce_Korumasi_Kullanin_VPSDedicated\">6. Use Fail2ban or Similar Brute\u2011Force Protection (VPS\/Dedicated)<\/span><\/h3>\n<p>Automated bots that make thousands of attempts against SSH, FTP, SMTP and even web panel login screens are routine visitors of every server today. The practical way to block this traffic is to use a tool that <strong>tracks failed login attempts and automatically bans the IP<\/strong>.<\/p>\n<p>On VPS or dedicated servers:<\/p>\n<ul>\n<li>Install a tool such as <strong>fail2ban<\/strong> and monitor SSH, FTP, mail and web panel logs.<\/li>\n<li>After a certain number of failed logins, block the IP for a set period or permanently.<\/li>\n<li>Do not set ban rules too aggressively; your own users who mistype a password should not get locked out.<\/li>\n<\/ul>\n<h3><span id=\"7_Isletim_Sistemi_ve_Panel_Guncellemelerini_Otomatiklestirin\">7. 
Automate Operating System and Panel Updates<\/span><\/h3>\n<p>The most exploited vulnerabilities are usually <strong>known but unpatched security flaws<\/strong>. In other words, the problem is not zero-day (0\u2011day) but updates that were never applied.<\/p>\n<p>What you need to do:<\/p>\n<ul>\n<li>On your Linux distribution, enable the mechanism that installs <strong>security updates automatically<\/strong> (for example unattended\u2011upgrades).<\/li>\n<li>Keep automatic minor updates on for panels such as cPanel\/Plesk.<\/li>\n<li>For major version changes (for example a PHP major upgrade), do not forget to test in a staging environment.<\/li>\n<\/ul>\n<p>If you are looking for a detailed guide to upgrades on the PHP side, <a href=\"https:\/\/www.dchost.com\/blog\/php-8-x-yukseltme-kontrol-listesi-wordpress-ve-laravelde-geriye-uyumluluk-opcache-preload-ve-fpm-havuz-ayarlari-nasil-tatli-tatli-kurulur\/\">our PHP 8.x upgrade checklist<\/a> will make your work considerably easier.<\/p>\n<h3><span id=\"8_Sunucu_Zamanini_ve_NTP_Senkronizasyonunu_Dogru_Kurun\">8. Set Up Server Time and NTP Synchronization Correctly<\/span><\/h3>\n<p>On the security side, many mechanisms such as log analysis, certificate validity and token lifetimes depend on an <strong>accurate system clock<\/strong>. If the clock is even a few minutes behind or ahead, you may run into unexpected errors.<\/p>\n<p>In the initial configuration:<\/p>\n<ul>\n<li>Enable the NTP (Network Time Protocol) service on the server.<\/li>\n<li>Select the correct time zone (e.g. 
Europe\/Istanbul).<\/li>\n<li>Avoid the confusion that clock differences cause during log analysis.<\/li>\n<\/ul>\n<h2><span id=\"3_Katman_HTTPS_Tarayici_Guvenligi_ve_WAF\">Layer 3: HTTPS, Browser Security and WAF<\/span><\/h2>\n<h3><span id=\"9_SSLTLS_Sertifikasini_Kurun_ve_HTTP_HTTPS_Zorlamasini_Yapin\">9. Install the SSL\/TLS Certificate and Force HTTP \u2192 HTTPS<\/span><\/h3>\n<p>For a newly launched site, using HTTPS <strong>from the very first minute<\/strong> is no longer a luxury but a necessity. In terms of browser warnings, SEO impact and user trust, every page left open over HTTP carries risk.<\/p>\n<p>Complete the following steps from day one:<\/p>\n<ul>\n<li>From your DCHost panel, install a free Let\u2019s Encrypt certificate or the corporate SSL certificate you own.<\/li>\n<li>Send all HTTP traffic through a 301 redirect and <strong>force it to HTTPS<\/strong>.<\/li>\n<li>Check for mixed content errors (images, JS, CSS loaded over HTTP).<\/li>\n<\/ul>\n<p>To get a clear picture of the SSL concept and certificate types, our article <a href=\"https:\/\/www.dchost.com\/blog\/ssl-sertifikasi-nedir-web-sitenizi-guvence-altina-almanin-yollari\/\">what an SSL certificate is and how it provides assurance<\/a> is a good starting point.<\/p>\n<h3><span id=\"10_HTTP_Guvenlik_Basliklarini_Security_Headers_Uygulayin\">10. Apply HTTP Security Headers<\/span><\/h3>\n<p>HTTPS alone is not enough. 
For browsers to behave more intelligently against attacks such as XSS, clickjacking and content manipulation, you need to configure <strong>HTTP security headers<\/strong> correctly.<\/p>\n<p>Pay particular attention to these:<\/p>\n<ul>\n<li><strong>HSTS<\/strong> (HTTP Strict Transport Security): Tells the browser that it must always connect to your site over HTTPS.<\/li>\n<li><strong>Content-Security-Policy (CSP)<\/strong>: Defines which sources scripts, styles and images may be loaded from.<\/li>\n<li><strong>X-Frame-Options<\/strong> or <strong>frame-ancestors<\/strong>: Prevents your site from being embedded in an iframe on another site.<\/li>\n<li><strong>X-Content-Type-Options<\/strong>: Protects against content type confusion.<\/li>\n<\/ul>\n<p>To see step by step what these headers do and how to set them, be sure to take a look at <a href=\"https:\/\/www.dchost.com\/blog\/http-guvenlik-basliklari-rehberi-hsts-csp-ve-digerlerini-ne-zaman-nasil-uygulamalisin\/\">our HTTP security headers guide<\/a>.<\/p>\n<h3><span id=\"11_Yonetim_Panellerini_IP_Kisitlama_veya_mTLS_ile_Koruyun\">11. Protect Admin Panels with IP Restriction or mTLS<\/span><\/h3>\n<p>When interfaces such as WordPress admin, Laravel Nova, your custom admin panels and phpMyAdmin are left \u201cwide open\u201d to the internet, they become a natural target for brute\u2011force and automated scans. 
One of the most effective ways to prevent this is to tie <strong>access to a restricted IP or a client certificate<\/strong>.<\/p>\n<p>Your options:<\/p>\n<ul>\n<li>With Nginx\/Apache, allow access to admin paths (e.g. <code>\/wp-admin<\/code>) only from specific IP ranges.<\/li>\n<li>For a more advanced level, set up <strong>mTLS<\/strong>, which requires a client certificate from browsers accessing the admin panel.<\/li>\n<\/ul>\n<p>If you want to see this setup with practical examples, you can review <a href=\"https:\/\/www.dchost.com\/blog\/yonetim-panellerini-mtls-ile-nasil-kale-gibi-korursun-nginxte-istemci-sertifikalari-adim-adim\/\">our guide to protecting admin panels with mTLS<\/a>.<\/p>\n<h3><span id=\"12_WAF_Web_Application_Firewall_ile_Uygulama_Katmanini_Filtreleyin\">12. Filter the Application Layer with a WAF (Web Application Firewall)<\/span><\/h3>\n<p>While firewalls work at the port level, a <strong>WAF<\/strong> inspects the content of the HTTP request (URL, parameters, body) and blocks attacks such as SQL injection and XSS. On newly launched sites it provides a serious layer of protection, especially for form pages and login screens.<\/p>\n<p>What you can do:<\/p>\n<ul>\n<li>Enable ModSecurity + the OWASP CRS rule set on the server side.<\/li>\n<li>In the first days, follow the logs and tune out false positives.<\/li>\n<li>Set stricter rules for endpoints that are attacked very often (login, search, forms etc.).<\/li>\n<\/ul>\n<p>If you are interested in the finer points of WAF configuration, <a href=\"https:\/\/www.dchost.com\/blog\/modsecurity-ve-owasp-crs-ile-wafi-uysallastirmak-yanlis-pozitifleri-nasil-ehlilestirir-performansi-ne-zaman-ucururuz\/\">our WAF guide with ModSecurity and OWASP CRS<\/a> will help you make your decisions.<\/p>\n<h2><span id=\"4_Katman_Uygulama_Dosya_Izinleri_ve_Yedekleme\">Layer 4: Application, File Permissions and Backups<\/span><\/h2>\n<h3><span id=\"13_Dosya_ve_Dizin_Izinlerini_Sertlestirin\">13. Harden File and Directory Permissions<\/span><\/h3>\n<p>The picture we encounter in most hack cases is writable directories left with broader permissions than necessary. 
Permissions such as <code>777<\/code> in particular amount to an invitation for an attacker.<\/p>\n<p>Apply the following principles from day one:<\/p>\n<ul>\n<li>On PHP-based sites, <code>644<\/code> for most files and <code>755<\/code> for directories is generally sufficient.<\/li>\n<li>Restrict directories that need to be writable (e.g. 
<code>uploads<\/code>, cache directories) to the <strong>minimum necessary permission<\/strong>.<\/li>\n<li>Configure the server user and group ownership (owner\/group) correctly.<\/li>\n<li>Turn off directory listing.<\/li>\n<\/ul>\n<p>If you use WordPress, <a href=\"https:\/\/www.dchost.com\/blog\/wordpress-guvenlik-sertlestirme-kontrol-listesi-dosya-izinleri-salt-keys-xml-rpc-ufw-fail2ban-nasil-tatli-tatli-kurulur\/\">our WordPress security hardening checklist<\/a> is an excellent complement for seeing topics such as file permissions, XML-RPC and wp-config in one place.<\/p>\n<h3><span id=\"14_Varsayilan_Admin_Kullanici_Adi_ve_URLlerini_Degistirin\">14. Change the Default Admin Username and URLs<\/span><\/h3>\n<p>Usernames such as \u201cadmin\u201d, \u201cadministrator\u201d and \u201croot\u201d and well-known paths (e.g. <code>\/wp-admin<\/code>, <code>\/administrator<\/code>) are ready-made targets for brute\u2011force attacks. Our goal is not to hide identity but to <strong>make the attacker\u2019s job harder<\/strong>.<\/p>\n<p>Recommendations:<\/p>\n<ul>\n<li>Never continue with the \u201cadmin\u201d username on a new installation.<\/li>\n<li>If possible, choose an entirely different, hard-to-guess administrator username.<\/li>\n<li>If the application allows it, customize the admin panel URL path.<\/li>\n<\/ul>\n<h3><span id=\"15_Otomatik_Yedekleme_ve_321_Stratejisini_Ilk_Gunden_Kurun\">15. 
Set Up Automatic Backups and the 3\u20112\u20111 Strategy from Day One<\/span><\/h3>\n<p>Security is not only about preventing an attack; it is about <strong>being able to recover when something happens to you<\/strong>. The only realistic way to do that is a properly designed backup strategy. The most practical model is the 3\u20112\u20111 rule:<\/p>\n<ul>\n<li><strong>3 copies<\/strong> (1 live, 2 backups)<\/li>\n<li><strong>On 2 different media<\/strong> (e.g. server disk + external storage)<\/li>\n<li><strong>1 of them in a different location<\/strong> (a different data center or offsite storage)<\/li>\n<\/ul>\n<p>For sites you host at DCHost, you can enable automatic backups from the panel and also set up periodic backup scenarios to external S3-compatible storage. To learn the logic in detail, be sure to take a look at <a href=\"https:\/\/www.dchost.com\/blog\/3-2-1-yedekleme-stratejisi-neden-ise-yariyor-cpanel-plesk-ve-vpste-otomatik-yedekleri-nasil-kurarsin\/\">our 3\u20112\u20111 backup strategy guide<\/a>.<\/p>\n<h3><span id=\"16_Yedekten_Geri_Donus_Testini_Ertelemeden_Yapin\">16. Run a Restore-from-Backup Test Without Delay<\/span><\/h3>\n<p>Taking backups is not enough on its own; the answer to the question <strong>can you actually restore from that backup?<\/strong> is at least as important as the backup itself. 
Many businesses discover that their backup is actually incomplete or corrupt the first time they face a real problem.<\/p>\n<p>Recommendation for a new site:<\/p>\n<ul>\n<li>After the first backup is taken, run a test <strong>restore<\/strong> scenario.<\/li>\n<li>If possible, restore to a separate staging area and verify that the site works.<\/li>\n<li>Repeat this test at least once a year.<\/li>\n<\/ul>\n<h2><span id=\"5_Katman_DNS_Alan_Adi_ve_Eposta_Guvenligi\">Layer 5: DNS, Domain and E\u2011mail Security<\/span><\/h2>\n<h3><span id=\"17_DNS_Kayitlarinizi_Minimum_Yetki_Ilkesiyle_Tasarlayin\">17. Design Your DNS Records on the Principle of Least Privilege<\/span><\/h3>\n<p>DNS is one of the layers touched most when taking a new site live, yet looked at least from a security perspective. DNS access in the wrong hands means all your traffic being redirected to a different server.<\/p>\n<p>Points to watch:<\/p>\n<ul>\n<li>Keep access to the DNS management panel very limited, to just one or two people if possible.<\/li>\n<li>Avoid unnecessary wildcard (<code>*.domain.com<\/code>) records.<\/li>\n<li>Keep your MX, SPF, DKIM and DMARC records clear and up to date.<\/li>\n<\/ul>\n<h3><span id=\"18_Alan_Adinizi_Kilitleyin_DNSSEC_ve_Registrar_Lock_Kullanin\">18. 
Lock Your Domain, Use DNSSEC and Registrar Lock<\/span><\/h3>\n<p>For new sites the domain side is often seen only as a \u201cbilling\u201d matter; yet if you lose your domain name, what you have done on the hosting side matters little. That is why it is essential to harden domain security from day one as well.<\/p>\n<p>What you need to do:<\/p>\n<ul>\n<li>Enable <strong>Registrar Lock<\/strong> (transfer lock) for your domain.<\/li>\n<li>If possible, turn on <strong>DNSSEC<\/strong> support so that your DNS records are cryptographically signed.<\/li>\n<li>Do not forget to use 2FA on your domain account as well.<\/li>\n<\/ul>\n<p>If you want a broader view of domain security, we covered registrar lock, DNSSEC and WHOIS privacy in detail in <a href=\"https:\/\/www.dchost.com\/blog\/alan-adi-guvenligi-rehberi-registrar-lock-dnssec-whois-gizliligi-ve-2fa\/\">our domain security guide<\/a>.<\/p>\n<h3><span id=\"19_SPF_DKIM_DMARC_ile_Eposta_Kimlik_Dogrulamasini_Kurun\">19. Set Up E\u2011mail Authentication with SPF, DKIM and DMARC<\/span><\/h3>\n<p>There is another matter as important as keeping e\u2011mails sent from your new site out of the spam folder: <strong>preventing forged e\u2011mails from being sent in your name<\/strong>. 
The foundation of this is configuring SPF, DKIM and DMARC records correctly.<\/p>\n<p>Do the following from day one:<\/p>\n<ul>\n<li>Define an <strong>SPF record<\/strong> for your domain that covers all of your email senders.<\/li>\n<li>Enable <strong>DKIM signing<\/strong> for the email infrastructure you use.<\/li>\n<li>With a <strong>DMARC<\/strong> record, define how emails that fail SPF\/DKIM should be handled (reporting + quarantine\/reject policy).<\/li>\n<\/ul>\n<p>For practical examples of these settings and typical mistakes, see <a href=\"https:\/\/www.dchost.com\/blog\/spf-dkim-dmarc-ve-rdns-ile-e-posta-teslim-edilebilirligini-nasil-adim-adim-yukseltirsin\/\">our SPF, DKIM, DMARC and rDNS guide<\/a>.<\/p>\n<h3><span id=\"20_Eposta_Girisleri_Icin_de_2FA_ve_Guclu_Sifre_Zorunlu_Olsun\">20. Require 2FA and Strong Passwords for Email Logins Too<\/span><\/h3>\n<p>Most attacks start not directly at the server but with <strong>the compromise of an email account<\/strong>. Password reset links can be received by email and panel access can be opened. So when launching a new site, do not forget the security of the email accounts tied to your domain.<\/p>\n<p>Recommendations:<\/p>\n<ul>\n<li>Use long, unique passwords on all critical email accounts.<\/li>\n<li>Enable 2FA if your email service supports it.<\/li>\n<li>If you use shared accounts (e.g. info@, destek@), keep a record of who knows the password and change it periodically.<\/li>\n<\/ul>\n<h2><span id=\"Ozet_Guvenligi_Sonraya_Birakirsaniz_Maliyeti_Katlanarak_Artar\">Summary: If You Put Security Off, Its Cost Multiplies<\/span><\/h2>\n<p>Dealing with this many items when launching a new website may look tiring at first glance. But if you do not build security in from day one, the cost of a hack or data leak a few months later will be far heavier in time, reputation and money. The 20-item <strong>hosting security checklist<\/strong> we shared in this post actually offers a very manageable framework once it settles into your daily workflow.<\/p>\n<p>At DCHost, when designing our shared hosting, VPS, dedicated server and colocation solutions, we apply most of these items as standard at the infrastructure level. Still, every site has steps to take on its own application, DNS and email side. If you have launched a new site or plan to move your existing site to DCHost infrastructure, use this checklist as a <strong>roadmap<\/strong>; tick off each item one by one. 
Wherever you get stuck, you can ask our support team for help and move security out of the \u201cwe will look at it later\u201d file and onto the list of <strong>things solved from day one<\/strong>.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Contents 1 Why Should Security Start on Day One for Your New Website? 2 Layer 1: Identity and Access Security 2.1 1. Set Up Two-Factor Authentication (2FA) on the Hosting and Customer Panel 2.2 2. A Unique and Strong Password Policy for All Accounts 2.3 3. Disable Passwords for SSH Access, Use Key-Based Login (VPS\/Dedicated) 2.4 4. Separate Control Panel (cPanel\/Plesk\/DirectAdmin) Users 3 Layer 2: Network and 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2822,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-2821","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/2821","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=2821"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/2821\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/2822"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=2821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=2821"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=2821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}