{"id":3086,"date":"2025-12-07T14:44:14","date_gmt":"2025-12-07T11:44:14","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/subdomain-takeover-ve-bosta-kalan-dns-kayitlari-cloudflare-ve-cpanel-icin-uygulamali-rehber\/"},"modified":"2025-12-07T14:44:14","modified_gmt":"2025-12-07T11:44:14","slug":"subdomain-takeover-ve-bosta-kalan-dns-kayitlari-cloudflare-ve-cpanel-icin-uygulamali-rehber","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/subdomain-takeover-ve-bosta-kalan-dns-kayitlari-cloudflare-ve-cpanel-icin-uygulamali-rehber\/","title":{"rendered":"Subdomain Takeover and Dangling DNS Records: A Practical Guide for Cloudflare and cPanel"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><p>Subdomain takeover is one of the most critical web security vulnerabilities of recent years: a seemingly small mistake on the DNS side can put an entire brand at risk. Especially in setups that manage DNS on Cloudflare and run cPanel on the back end, we frequently come across <strong>dangling DNS records<\/strong> left behind by test environments, old campaign subdomains and decommissioned third-party services. During security audits, we at DCHost have seen in many projects that subdomains no longer in use, but whose DNS records were still in place, were open to takeover by attackers.
In this article, we will go step by step through both the Cloudflare and the cPanel side and explain, with practical examples, how to detect subdomain takeover risk, how to clean up dangling DNS records, and how to prevent this weakness from the outset when adding new records. Our goal is to offer agencies, software teams and corporate IT departments a clear, actionable roadmap that can be integrated into the daily workflow.<\/p>\n<div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#Subdomain_takeover_nedir_ve_neden_bu_kadar_tehlikeli\"><span class=\"toc_number toc_depth_1\">1<\/span> What is subdomain takeover and why is it so dangerous?<\/a><\/li><li><a href=\"#Bosta_kalan_DNS_kaydi_dangling_record_tam_olarak_nedir\"><span class=\"toc_number toc_depth_1\">2<\/span> What exactly is a dangling DNS record?<\/a><\/li><li><a href=\"#Cloudflare_tarafinda_subdomain_takeover_riskini_tespit_etme\"><span class=\"toc_number toc_depth_1\">3<\/span> Detecting subdomain takeover risk on the Cloudflare side<\/a><ul><li><a href=\"#1_DNS_envanteri_cikarma\"><span class=\"toc_number toc_depth_2\">3.1<\/span> 1. Building a DNS inventory<\/a><\/li><li><a href=\"#2_Riskli_gorunen_kayitlari_teknik_olarak_test_etme\"><span class=\"toc_number toc_depth_2\">3.2<\/span> 2. Technically testing records that look risky<\/a><\/li><li><a href=\"#3_Kullanilmayan_kayitlari_guvenle_temizleme\"><span class=\"toc_number toc_depth_2\">3.3<\/span> 3. Safely cleaning up unused records<\/a><\/li><li><a href=\"#4_Yeni_kayit_eklerken_guvenlik_prensipleri\"><span class=\"toc_number toc_depth_2\">3.4<\/span> 4.
Security principles when adding new records<\/a><\/li><\/ul><\/li><li><a href=\"#cPanel_tarafinda_subdomain_ve_DNS_yonetimi_En_sik_yapilan_hatalar\"><span class=\"toc_number toc_depth_1\">4<\/span> Subdomain and DNS management on the cPanel side: the most common mistakes<\/a><ul><li><a href=\"#1_cPanelde_subdomain_olusturma_ve_kaldirma_mantigi\"><span class=\"toc_number toc_depth_2\">4.1<\/span> 1. How creating and removing subdomains works in cPanel<\/a><\/li><li><a href=\"#2_cPanelde_alt_alani_silip_Cloudflarede_DNS_kaydini_unutmak\"><span class=\"toc_number toc_depth_2\">4.2<\/span> 2. Deleting the subdomain in cPanel and forgetting the DNS record in Cloudflare<\/a><\/li><li><a href=\"#3_cPanel_guvenligi_ve_yetki_ayrimi\"><span class=\"toc_number toc_depth_2\">4.3<\/span> 3. cPanel security and separation of privileges<\/a><\/li><\/ul><\/li><li><a href=\"#Ajanslar_freelancerlar_ve_coklu_domain_portfoyu_icin_pratik_surecler\"><span class=\"toc_number toc_depth_1\">5<\/span> Practical processes for agencies, freelancers and multi-domain portfolios<\/a><ul><li><a href=\"#1_Ortak_bir_DNS_envanter_tablosu_tutun\"><span class=\"toc_number toc_depth_2\">5.1<\/span> 1. Keep a shared DNS inventory table<\/a><\/li><li><a href=\"#2_Yillik_ya_da_alti_aylik_DNS_temizlik_sprintleri_planlayin\"><span class=\"toc_number toc_depth_2\">5.2<\/span> 2. Plan yearly or six-monthly DNS cleanup sprints<\/a><\/li><li><a href=\"#3_Musteriye_raporlama_Buldugunuz_riskleri_gorunur_kilin\"><span class=\"toc_number toc_depth_2\">5.3<\/span> 3.
Reporting to the customer: make the risks you find visible<\/a><\/li><\/ul><\/li><li><a href=\"#Cloudflare_guvenlik_ozelliklerini_subdomain_takeover_ile_birlikte_dusunmek\"><span class=\"toc_number toc_depth_1\">6<\/span> Thinking about Cloudflare security features together with subdomain takeover<\/a><ul><li><a href=\"#1_Origini_gercekten_korumak\"><span class=\"toc_number toc_depth_2\">6.1<\/span> 1. Really protecting the origin<\/a><\/li><li><a href=\"#2_Yonetim_panellerini_ve_hassas_alt_alanlari_ek_katmanlarla_kapatmak\"><span class=\"toc_number toc_depth_2\">6.2<\/span> 2. Closing off admin panels and sensitive subdomains with additional layers<\/a><\/li><li><a href=\"#3_Cloudflare_Tunnel_ve_ozel_ag_senaryolari\"><span class=\"toc_number toc_depth_2\">6.3<\/span> 3. Cloudflare Tunnel and private network scenarios<\/a><\/li><\/ul><\/li><li><a href=\"#DCHost_altyapisinda_pratik_oneriler_Domain_hosting_VPS_ve_dedicated_sunucu_tarafi\"><span class=\"toc_number toc_depth_1\">7<\/span> Practical recommendations on DCHost infrastructure: domain, hosting, VPS and dedicated server<\/a><\/li><li><a href=\"#Adim_adim_kontrol_listesi_Subdomain_takeover_ve_bosta_kalan_DNS_kayitlarini_onlemek\"><span class=\"toc_number toc_depth_1\">8<\/span> Step-by-step checklist: preventing subdomain takeover and dangling DNS records<\/a><ul><li><a href=\"#1_Mevcut_durumu_analiz_et\"><span class=\"toc_number toc_depth_2\">8.1<\/span> 1. Analyze the current state<\/a><\/li><li><a href=\"#2_Riskli_kayitlari_bul\"><span class=\"toc_number toc_depth_2\">8.2<\/span> 2. Find the risky records<\/a><\/li><li><a href=\"#3_Temizle_ve_konsolide_et\"><span class=\"toc_number toc_depth_2\">8.3<\/span> 3. Clean up and consolidate<\/a><\/li><li><a href=\"#4_Surec_ve_otomasyon_kur\"><span class=\"toc_number toc_depth_2\">8.4<\/span> 4.
Set up process and automation<\/a><\/li><li><a href=\"#5_Guvenligi_butunsel_dusun\"><span class=\"toc_number toc_depth_2\">8.5<\/span> 5. Think about security holistically<\/a><\/li><\/ul><\/li><li><a href=\"#Son_soz_Kucuk_bir_DNS_kaydi_buyuk_bir_guvenlik_acigina_donusmesin\"><span class=\"toc_number toc_depth_1\">9<\/span> Final word: do not let a small DNS record turn into a big security hole<\/a><\/li><\/ul><\/div>\n<h2><span id=\"Subdomain_takeover_nedir_ve_neden_bu_kadar_tehlikeli\">What is subdomain takeover and why is it so dangerous?<\/span><\/h2>\n<p><strong>Subdomain takeover<\/strong> occurs when the DNS record of a subdomain (for example, kampanya.ornekdomain.com) is still active but the service or server it points to is no longer yours, so an attacker claims that same resource and publishes their own content.
In short, DNS is still pointing there but nobody is behind it; the first attacker to reach the vacant door moves in.<\/p>\n<p>This usually happens in the following scenarios:<\/p>\n<ul>\n<li>An account is opened with a third-party service for an old test or staging subdomain; the project ends and the service is shut down, but the DNS record remains.<\/li>\n<li>A separate application server is set up for a temporary campaign; the server is deleted and the DNS record is forgotten.<\/li>\n<li>In multi-domain portfolios managed by different teams, it is unclear who is responsible for which subdomain, and cleanup is never fully done.<\/li>\n<\/ul>\n<p>Once an attacker takes over this dangling subdomain, they can:<\/p>\n<ul>\n<li>Publish phishing pages, malicious code or fake login screens on a subdomain of your brand.<\/li>\n<li>Use the subdomain to carry out advanced attacks such as cookie theft and session hijacking.<\/li>\n<li>Carry out reputation-damaging actions such as SEO manipulation, spam backlinks and hosting malicious files.<\/li>\n<\/ul>\n<p>For the fundamentals of DNS and subdomains, if you have not read it yet, we strongly recommend reviewing <a href='https:\/\/www.dchost.com\/blog\/dns-kayitlari-nedir-a-aaaa-cname-mx-txt-ve-srv-rehberi\/'>our detailed guide to DNS records<\/a> as well.<\/p>\n<h2><span id=\"Bosta_kalan_DNS_kaydi_dangling_record_tam_olarak_nedir\">What exactly is a dangling DNS record?<\/span><\/h2>\n<p>A dangling DNS record is a record that is still visible in DNS but whose target resource is no longer yours.
This concept lies at the heart of subdomain takeover.<\/p>\n<p>The most common types:<\/p>\n<ul>\n<li><strong>CNAME records pointing to a third-party service<\/strong><br \/>For example: kampanya.ornekdomain.com \u2192 CNAME \u2192 ornekkampanya.ucuncutaraf.com<br \/>When you delete your ornekkampanya.ucuncutaraf.com account at the third-party service, if the DNS record is still in place, an attacker can register that name on the same service and take control.<\/li>\n<li><strong>A\/AAAA records pointing to deleted or reassigned IPs<\/strong><br \/>For example: beta.ornekdomain.com \u2192 A \u2192 198.51.100.42<br \/>If this IP is no longer your server and has been given to someone else, that person can serve content through your subdomain.<\/li>\n<li><strong>Subdomains delegated with NS records<\/strong><br \/>For example: you delegate management of the app.ornekdomain.com subdomain to a different DNS provider via NS records. If the zone there is deleted but the NS records remain in the parent DNS, an attacker can create a new zone for this subdomain and take control.<\/li>\n<\/ul>\n<p>Detecting dangling records starts with building a regular DNS inventory and tracking changes.
If you are building multi-provider DNS scenarios, <a href='https:\/\/www.dchost.com\/blog\/coklu-saglayici-dns-nasil-kurulur-octodns-ile-zero%E2%80%91downtime-gecis-ve-dayaniklilik-rehberi\/'>the inventory and migration practices in our multi-provider DNS guide<\/a> will be useful here too.<\/p>\n<h2><span id=\"Cloudflare_tarafinda_subdomain_takeover_riskini_tespit_etme\">Detecting subdomain takeover risk on the Cloudflare side<\/span><\/h2>\n<p>If you use Cloudflare, the DNS management panel is usually opened in the middle of a project, and dozens of records accumulate over the years. The first step should be to review your existing records systematically.<\/p>\n<h3><span id=\"1_DNS_envanteri_cikarma\">1. Building a DNS inventory<\/span><\/h3>\n<p>In the Cloudflare dashboard, go to the DNS tab for the domain in question and group the records as follows:<\/p>\n<ul>\n<li>By type: A, AAAA, CNAME, NS, TXT, MX, etc.<\/li>\n<li>By subdomain: www, app, beta, test, staging, kampanya, promo, dev, old, etc.<\/li>\n<li>Cloudflare proxy status: orange cloud (proxy on) \/ grey cloud (DNS only).<\/li>\n<\/ul>\n<p>The following patterns are especially critical:<\/p>\n<ul>\n<li>test.*, dev.*, staging.*, beta.*, demo.*<\/li>\n<li>old campaigns: kampanya2021.*, blackfriday.*, yilbasi.*, etc.<\/li>\n<li>third-party CNAME records: records that go to external hosts such as *.ucuncutaraf.com, *.cdnservis.com, *.appservis.net.<\/li>\n<\/ul>\n<h3><span id=\"2_Riskli_gorunen_kayitlari_teknik_olarak_test_etme\">2.
Technically testing records that look risky<\/span><\/h3>\n<p>For each suspicious record:<\/p>\n<ol>\n<li>Open the subdomain directly in the browser (test with both https and http).<\/li>\n<li>Run the following queries from the command line:<br \/>\n    <code>dig altalan.ornekdomain.com +short<\/code><br \/>\n    <code>curl -I https:\/\/altalan.ornekdomain.com<\/code>\n  <\/li>\n<\/ol>\n<p>The following are red flags:<\/p>\n<ul>\n<li>A provider-specific error page along the lines of \u2018no site was found for this subdomain\u2019.<\/li>\n<li>Pages that return 404 or 5xx but whose headers and content do not appear to be yours.<\/li>\n<li>An empty, default page with none of your logos or branding on it.<\/li>\n<\/ul>\n<p>Some SaaS services in particular return a custom error page even for removed subdomains, and this means the subdomain <strong>can be taken over<\/strong>. When you find such a record, first establish internally whether it is really still in use, and then either secure it or delete it entirely.<\/p>\n<h3><span id=\"3_Kullanilmayan_kayitlari_guvenle_temizleme\">3.
Safely cleaning up unused records<\/span><\/h3>\n<p>Follow these steps for each risky record:<\/p>\n<ol>\n<li>Confirm with the project owners whether the application, campaign or integration using the subdomain has really been shut down.<\/li>\n<li>If the subdomain has a significant SEO history, you may want to 301-redirect it to the main site instead of deleting it entirely (you usually do this at the web server or application level; on the DNS side you only update the IP it points to).<\/li>\n<li>Completely delete from the Cloudflare DNS screen any record you are certain will no longer be used.<\/li>\n<\/ol>\n<p>To be clearer about how DNS changes propagate, you can also look at <a href='https:\/\/www.dchost.com\/blog\/dns-yayilim-suresi-nedir-neden-24-saat-surer-ve-nasil-hizlandirilir\/'>the explanation of TTL and caching in our DNS propagation time guide<\/a>.<\/p>\n<h3><span id=\"4_Yeni_kayit_eklerken_guvenlik_prensipleri\">4.
Security principles when adding new records<\/span><\/h3>\n<p>To keep the same problems from recurring, apply these principles when creating a new subdomain on Cloudflare:<\/p>\n<ul>\n<li><strong>If the project is short-lived<\/strong> (campaign, event, etc.), note the end date and add a cleanup task to the calendar.<\/li>\n<li><strong>If you are pointing a CNAME at a third-party service<\/strong>, make sure to add a DNS cleanup task when you plan your exit from that service.<\/li>\n<li>Assign an \u2018owner team\u2019 to every new subdomain (for example Marketing, Software, External agency X) and document this information.<\/li>\n<li>Use descriptive notes in Cloudflare wherever possible; writing down, however briefly, why a DNS record was created makes a big difference years later.<\/li>\n<\/ul>\n<h2><span id=\"cPanel_tarafinda_subdomain_ve_DNS_yonetimi_En_sik_yapilan_hatalar\">Subdomain and DNS management on the cPanel side: the most common mistakes<\/span><\/h2>\n<p>Managing DNS on Cloudflare while using cPanel hosting on the back end is very common. However, when subdomains and addon domains are not managed correctly in cPanel, both security gaps and confusion can result.<\/p>\n<h3><span id=\"1_cPanelde_subdomain_olusturma_ve_kaldirma_mantigi\">1.
How creating and removing subdomains works in cPanel<\/span><\/h3>\n<p>When you create a subdomain in cPanel, two things usually happen:<\/p>\n<ul>\n<li>The corresponding folder is created on the server (for example: public_html\/kampanya).<\/li>\n<li>An A record for this subdomain is added to the cPanel DNS zone.<\/li>\n<\/ul>\n<p>If you use Cloudflare, in most scenarios the nameservers point to Cloudflare, so the DNS record in cPanel is not reflected on the internet. In that case it is very important to know that your Cloudflare and cPanel DNS records may be out of sync. <a href='https:\/\/www.dchost.com\/blog\/cloudflare-dns-mi-hosting-dnsi-mi-en-dogru-nameserver-stratejisi\/'>Our guide on Cloudflare DNS versus hosting DNS<\/a>, which covers this in detail, gives you a good framework when making the architectural choice.<\/p>\n<h3><span id=\"2_cPanelde_alt_alani_silip_Cloudflarede_DNS_kaydini_unutmak\">2. Deleting the subdomain in cPanel and forgetting the DNS record in Cloudflare<\/span><\/h3>\n<p>The mistake we see most often is this:<\/p>\n<ol>\n<li>The subdomain is deleted from cPanel and the files are removed.<\/li>\n<li>A CNAME or A record for the same subdomain remains in the Cloudflare DNS panel.<\/li>\n<li>Because what sits behind it is now an IP or service that no longer belongs to you, a subdomain takeover risk arises.<\/li>\n<\/ol>\n<p>For this reason, define an operational step to <strong>check the corresponding entry in Cloudflare DNS the moment you remove a subdomain or addon domain in cPanel<\/strong>.
Making this part of your internal processes reduces the risk dramatically.<\/p>\n<h3><span id=\"3_cPanel_guvenligi_ve_yetki_ayrimi\">3. cPanel security and separation of privileges<\/span><\/h3>\n<p>Subdomain takeover is not only about DNS; it is also about panel access and privileges. Applying the following recommendations on the cPanel side also narrows your overall attack surface:<\/p>\n<ul>\n<li>Keep each customer site in a separate cPanel account; prefer isolation over a crowd of addon domains.<\/li>\n<li>Clean up unnecessary FTP accounts, old SSH access and unused mailboxes.<\/li>\n<li>For security hardening, apply the steps in <a href='https:\/\/www.dchost.com\/blog\/cpanel-guvenlik-sertlestirme-kontrol-listesi\/'>our cPanel security hardening checklist<\/a>.<\/li>\n<\/ul>\n<h2><span id=\"Ajanslar_freelancerlar_ve_coklu_domain_portfoyu_icin_pratik_surecler\">Practical processes for agencies, freelancers and multi-domain portfolios<\/span><\/h2>\n<p>For agencies that manage DNS and hosting for multiple customers, subdomain takeover risk multiplies. SaaS services, campaign sites and A\/B test subdomains used over time are very easy to forget.<\/p>\n<h3><span id=\"1_Ortak_bir_DNS_envanter_tablosu_tutun\">1.
Keep a shared DNS inventory table<\/span><\/h3>\n<p>Create a shared table with at least the following columns for each domain:<\/p>\n<ul>\n<li>Domain name<\/li>\n<li>Subdomain (for example: beta.musteri.com)<\/li>\n<li>DNS type (A, CNAME, NS, etc.)<\/li>\n<li>Target it points to (IP or host)<\/li>\n<li>Owner team (Marketing, Software, External agency)<\/li>\n<li>Creation date and planned retirement date<\/li>\n<\/ul>\n<p>Updating this table with every new campaign is a lifesaver when cleaning up later.<\/p>\n<h3><span id=\"2_Yillik_ya_da_alti_aylik_DNS_temizlik_sprintleri_planlayin\">2. Plan yearly or six-monthly DNS cleanup sprints<\/span><\/h3>\n<p>When projects are busy, DNS cleanup work always gets postponed. So add a <strong>DNS cleanup sprint<\/strong> to your agency calendar at least once a year, ideally every six months. In this sprint:<\/p>\n<ul>\n<li>Review old campaign domains and subdomains.<\/li>\n<li>Check whether you have left any third-party services.<\/li>\n<li>Shut down subdomains that no longer serve a purpose, or redirect them to the main site.<\/li>\n<\/ul>\n<p>We covered the general approach to managing multiple domains and DNS access in detail in <a href='https:\/\/www.dchost.com\/blog\/ajanslar-icin-dns-ve-alan-adi-erisimi-yonetimi\/'>our guide to DNS and domain access management for agencies<\/a>; reading it alongside this article will help you complete the picture.<\/p>\n<h3><span id=\"3_Musteriye_raporlama_Buldugunuz_riskleri_gorunur_kilin\">3.
Reporting to the customer: make the risks you find visible<\/span><\/h3>\n<p>When you identify subdomain takeover risks, explain them to the customer not just as a technical note but in terms of concrete impact:<\/p>\n<ul>\n<li>Brand reputation risk (phishing, malware hosting, etc.).<\/li>\n<li>Damage to SEO and organic traffic.<\/li>\n<li>Legal obligations and liabilities that may arise under KVKK\/GDPR.<\/li>\n<\/ul>\n<p>This makes it easier to get acceptance of why time and budget need to be allocated to DNS security.<\/p>\n<h2><span id=\"Cloudflare_guvenlik_ozelliklerini_subdomain_takeover_ile_birlikte_dusunmek\">Thinking about Cloudflare security features together with subdomain takeover<\/span><\/h2>\n<p>Cloudflare is a strong platform not only for DNS but also for advanced security features such as WAF, rate limiting, mTLS and origin authentication. To reduce subdomain takeover risk, also consider the following strategies:<\/p>\n<h3><span id=\"1_Origini_gercekten_korumak\">1. Really protecting the origin<\/span><\/h3>\n<p>If your subdomains are behind Cloudflare, not only DNS takeover but also authenticating the identity of the origin server becomes important. Especially for critical applications, accepting only traffic that comes from Cloudflare by using <a href='https:\/\/www.dchost.com\/blog\/origini-korumak-cloudflare-authenticated-origin-pulls-ve-mtls-ile-gercek-kaynak-dogrulamasi\/'>authenticated origin pulls and mTLS<\/a> provides a very strong additional layer.<\/p>\n<h3><span id=\"2_Yonetim_panellerini_ve_hassas_alt_alanlari_ek_katmanlarla_kapatmak\">2.
Closing off admin panels and sensitive subdomains with additional layers<\/span><\/h3>\n<p>While protecting your admin panels with Cloudflare Access, IP restrictions and additional authentication layers, you can also restrict access with mTLS on the server side. To close off admin panels with client certificates on the Nginx side, see <a href='https:\/\/www.dchost.com\/blog\/yonetim-panellerini-mtls-ile-nasil-kale-gibi-korursun-nginxte-istemci-sertifikalari-adim-adim\/'>our guide to protecting admin panels with mTLS<\/a>.<\/p>\n<h3><span id=\"3_Cloudflare_Tunnel_ve_ozel_ag_senaryolari\">3. Cloudflare Tunnel and private network scenarios<\/span><\/h3>\n<p>In some cases you may want to set up services that are reachable only through Cloudflare Tunnel instead of an IP directly exposed to the internet. Even in such an architecture, misconfigured DNS records can create subdomain takeover risks. So even when working with Tunnel, disciplined management of your DNS inventory is a must.
We recommend considering the use of Cloudflare Tunnel together with <a href='https:\/\/www.dchost.com\/blog\/port-acmadan-yayin-nasil-mumkun-cloudflare-tunnel-zero-trust-mtls-ve-accessi-adim-adim\/'>our guide to publishing without opening ports<\/a>, where we explain the logic of serving with closed ports.<\/p>\n<h2><span id=\"DCHost_altyapisinda_pratik_oneriler_Domain_hosting_VPS_ve_dedicated_sunucu_tarafi\">Practical recommendations on DCHost infrastructure: domain, hosting, <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a> and <a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated server<\/a><\/span><\/h2>\n<p>At DCHost, we put DNS security first when designing domain, hosting, VPS, dedicated server and colocation infrastructure for our customers. To prevent subdomain takeover, you can use the following points as a reference when planning your own infrastructure:<\/p>\n<ul>\n<li><strong>Architectural planning in a new project<\/strong>: design the domain and subdomain hierarchy at the start of the project; make clear which subdomain goes to which server and who manages it.<\/li>\n<li><strong>When using a VPS or dedicated server<\/strong>, instead of piling dozens of test subdomains onto the same server, plan separate environments and a cleanup schedule for short-lived projects.<\/li>\n<li><strong>In colocation environments<\/strong>, if you manage your own DNS, consider adding periodic automated tests for your zone files (for example, a small checking tool run by cron).<\/li>\n<li>Also set standards for DNSSEC, CAA records and secure SSL\/TLS at the start of the project; <a href='https:\/\/www.dchost.com\/blog\/dnssec-nedir-web-sitenizi-nasil-daha-guvenli-hale-getirir\/'>our DNSSEC guide<\/a> and <a href='https:\/\/www.dchost.com\/blog\/caa-kayitlari-derinlemesine-neden-nasil-ve-ne-zaman-coklu%e2%80%91caya-gecmelisin\/'>our article on CAA records<\/a>, which cover these topics in depth, are good starting points.<\/li>\n
<\/ul>\n<h2><span id=\"Adim_adim_kontrol_listesi_Subdomain_takeover_ve_bosta_kalan_DNS_kayitlarini_onlemek\">Step-by-step checklist: preventing subdomain takeover and dangling DNS records<\/span><\/h2>\n<p>In this final section, let us leave you with an actionable checklist for setups that use both Cloudflare and cPanel. You can easily adapt it to your own internal documentation.<\/p>\n<h3><span id=\"1_Mevcut_durumu_analiz_et\">1. Analyze the current state<\/span><\/h3>\n<ul>\n<li>Export the Cloudflare DNS records of all domains, or list them on screen.<\/li>\n<li>Group CNAME, A, AAAA and NS records in particular in a separate table.<\/li>\n<li>Flag subdomains such as test, dev, staging, beta, promo and kampanya.<\/li>\n<\/ul>\n<h3><span id=\"2_Riskli_kayitlari_bul\">2. Find the risky records<\/span><\/h3>\n<ul>\n<li>Test every suspicious subdomain from the browser and the command line (dig, curl, etc.).<\/li>\n<li>Identify third-party service error pages or default pages that are not yours.<\/li>\n<li>Identify A\/AAAA records that point to IPs that have been deleted or do not belong to you.<\/li>\n<\/ul>\n<h3><span id=\"3_Temizle_ve_konsolide_et\">3.
Clean up and consolidate<\/span><\/h3>\n<ul>\n<li>Delete records that are no longer used, after getting approval from the relevant teams.<\/li>\n<li>Where necessary, consolidate some subdomains into the main site with a 301 redirect.<\/li>\n<li>Keep cPanel and Cloudflare DNS records in sync as far as possible.<\/li>\n<\/ul>\n<h3><span id=\"4_Surec_ve_otomasyon_kur\">4. Set up process and automation<\/span><\/h3>\n<ul>\n<li>When creating a new subdomain, assign an owner team and a planned retirement date.<\/li>\n<li>Add yearly or six-monthly DNS cleanup sprints to the calendar.<\/li>\n<li>On VPS or dedicated servers, include DNS changes in your logging and monitoring systems (for example, an e-mail notification when a change occurs).<\/li>\n<\/ul>\n<h3><span id=\"5_Guvenligi_butunsel_dusun\">5. Think about security holistically<\/span><\/h3>\n<ul>\n<li>Subdomain takeover is only one piece of the web security picture; address other risks such as WAF, TLS, HTTP security headers and weak passwords together with it.<\/li>\n<li>To strengthen your overall security approach, see our guides on <a href='https:\/\/www.dchost.com\/blog\/siber-guvenlik-tehditleri-hosting-sektorunde\/'>cyber security threats in the hosting industry<\/a> and <a href='https:\/\/www.dchost.com\/blog\/vps-sunucu-guvenligi-nasil-saglanir-kapiyi-acik-birakmadan-yasamanin-sirri\/'>VPS server security<\/a>.<\/li>\n<\/ul>\n<h2><span id=\"Son_soz_Kucuk_bir_DNS_kaydi_buyuk_bir_guvenlik_acigina_donusmesin\">Final word: do not let a small DNS record turn into a big security hole<\/span><\/h2>\n<p>For most teams, subdomain takeover only comes up during a security audit or after a bad incident.
Yet this risk can largely be brought under control with a regular DNS inventory, simple cleanup processes and disciplined use of the Cloudflare\u2013cPanel pair. The biggest difference we see in practice at DCHost stems not from technical complexity but from missing process: if it is unclear who is responsible for which subdomain, nobody dares to delete an unnecessary DNS record. Share the checklist in this article with your team, clean up the most visible risks first, and then plan regular cleanup sprints. If you make DNS security an integral part of the architecture when designing your domain, hosting, VPS, dedicated server or colocation infrastructure, subdomain takeover stays theoretical for you. As the DCHost team, we will continue to be at your side on these matters as you plan and review your infrastructure.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Subdomain takeover is one of the most critical web security vulnerabilities of recent years: a seemingly small mistake on the DNS side can put an entire brand at risk. Especially in setups that manage DNS on Cloudflare and run cPanel on the back end, we frequently come across dangling DNS records left behind by test environments, old campaign subdomains and decommissioned third-party services.
Security audits [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3087,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-3086","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/3086","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=3086"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/3086\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/3087"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=3086"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=3086"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=3086"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}