{"id":4001,"date":"2026-01-02T17:27:07","date_gmt":"2026-01-02T14:27:07","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/paylasimli-hostingde-dosya-yukleme-formlarini-guvenli-hale-getirmek-php-ayarlari-mime-kontrolu-ve-klasor-izinleri\/"},"modified":"2026-01-02T17:27:07","modified_gmt":"2026-01-02T14:27:07","slug":"paylasimli-hostingde-dosya-yukleme-formlarini-guvenli-hale-getirmek-php-ayarlari-mime-kontrolu-ve-klasor-izinleri","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/paylasimli-hostingde-dosya-yukleme-formlarini-guvenli-hale-getirmek-php-ayarlari-mime-kontrolu-ve-klasor-izinleri\/","title":{"rendered":"Securing File Upload Forms on Shared Hosting: PHP Settings, MIME Checks and Folder Permissions"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><p>The moment you let visitors upload files to a PHP application running on shared hosting, you have significantly widened your site's attack surface. Profile photo, invoice PDF, CV or support-ticket attachment: whatever the scenario, every file that comes from a user is a potential attack vector. Especially in <a href=\"https:\/\/www.dchost.com\/tr\/web-hosting\">shared hosting<\/a> environments, where many accounts live on the same physical server, a small security hole can sometimes affect the whole account and even neighbouring accounts.<\/p>\n<p>In this post, we at DCHost walk step by step through what you need to do to make file upload forms on shared hosting genuinely secure. 
The focus is on three main topics: <strong>PHP settings<\/strong>, <strong>MIME type \/ content checks<\/strong> and <strong>folder permissions<\/strong>. We will also go through a typical PHP upload flow with sample code and touch on critical details such as keeping files outside the web root, restricting access with .htaccess and keeping logs. By the end of the post you will also have a clearer picture of when it makes sense to move off shared hosting to a <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a> or <a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated server<\/a> at DCHost.<\/p>\n<div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#Paylasimli_Hostingde_Dosya_Yukleme_Neden_Bu_Kadar_Riskli\"><span class=\"toc_number toc_depth_1\">1<\/span> Why Is File Upload So Risky on Shared Hosting?<\/a><\/li><li><a href=\"#Guvenli_Dosya_Yukleme_Akisi_Nasil_Olmali\"><span class=\"toc_number toc_depth_1\">2<\/span> What Should a Secure File Upload Flow Look Like?<\/a><ul><li><a href=\"#Izin_verilen_dosya_turlerini_net_tanimlayin\"><span class=\"toc_number toc_depth_2\">2.1<\/span> Define the allowed file types precisely<\/a><\/li><li><a href=\"#Basit_bir_HTML_formu_ve_temel_PHP_isleyici_ornegi\"><span class=\"toc_number toc_depth_2\">2.2<\/span> A simple HTML form and a basic PHP handler example<\/a><\/li><\/ul><\/li><li><a href=\"#PHP_Ayarlariyla_Dosya_Yuklemeyi_Sikilastirmak\"><span class=\"toc_number toc_depth_1\">3<\/span> Hardening File Uploads with PHP Settings<\/a><ul><li><a href=\"#upload_max_filesize_post_max_size_ve_max_file_uploads\"><span class=\"toc_number toc_depth_2\">3.1<\/span> upload_max_filesize, post_max_size and max_file_uploads<\/a><\/li><li><a href=\"#Gecici_dizin_open_basedir_ve_hata_loglari\"><span class=\"toc_number toc_depth_2\">3.2<\/span> Temporary directory, open_basedir and error logs<\/a><\/li><\/ul><\/li><li><a href=\"#MIME_Turu_ve_Icerik_Dogrulama_Sadece_Uzantiya_Guvenmeyin\"><span class=\"toc_number toc_depth_1\">4<\/span> MIME Type and Content Validation: Do Not Trust the Extension Alone<\/a><ul><li><a href=\"#finfo_file_ile_sunucu_tarafli_MIME_kontrolu\"><span class=\"toc_number toc_depth_2\">4.1<\/span> Server-side MIME checks with finfo_file<\/a><\/li><li><a href=\"#Gorseller_icin_ek_kontroller_getimagesize_exif_imagetype\"><span class=\"toc_number toc_depth_2\">4.2<\/span> Extra checks for images (getimagesize, exif_imagetype)<\/a><\/li><\/ul><\/li><li><a href=\"#Klasor_Yapisi_ve_Izinleri_777den_Uzak_Durun\"><span class=\"toc_number toc_depth_1\">5<\/span> Folder Structure and Permissions: Stay Away from 777<\/a><ul><li><a href=\"#Upload_klasorunu_web_kokunun_disina_tasiyin\"><span class=\"toc_number toc_depth_2\">5.1<\/span> Move the upload folder outside the web root<\/a><\/li><li><a href=\"#Mecbursaniz_public_html_icinde_htaccess_ile_erisimi_kisitlayin\"><span class=\"toc_number toc_depth_2\">5.2<\/span> If you must stay inside public_html, restrict access with .htaccess<\/a><\/li><li><a href=\"#Dogru_dosya_izinleri_644_755_ve_asla_777_degil\"><span class=\"toc_number toc_depth_2\">5.3<\/span> Correct file permissions: 644, 755 and never 777<\/a><\/li><\/ul><\/li><li><a href=\"#Paylasimli_Hostinge_Ozel_Ek_Onlemler\"><span class=\"toc_number toc_depth_1\">6<\/span> Additional Measures Specific to Shared Hosting<\/a><ul><li><a href=\"#Oran_sinirlama_CAPTCHA_ve_oturum_kontrolleri\"><span class=\"toc_number toc_depth_2\">6.1<\/span> Rate limiting, CAPTCHA and session checks<\/a><\/li><li><a href=\"#Log_tutma_izleme_ve_supheli_dosyalari_temizleme\"><span class=\"toc_number toc_depth_2\">6.2<\/span> Logging, monitoring and cleaning up suspicious files<\/a><\/li><\/ul><\/li><li><a href=\"#WordPress_ve_Hazir_Scriptlerde_Dosya_Yukleme_Guvenligi\"><span class=\"toc_number toc_depth_1\">7<\/span> File Upload Security in WordPress and Off-the-Shelf Scripts<\/a><\/li><li><a href=\"#HTTP_Guvenlik_Basliklari_ve_Tarayici_Tarafi_Koruma\"><span class=\"toc_number toc_depth_1\">8<\/span> HTTP Security Headers and Browser-Side Protection<\/a><\/li><li><a href=\"#Ne_Zaman_VPS_veya_Dedicated_Sunucuya_Gecmeyi_Dusunmelisiniz\"><span class=\"toc_number toc_depth_1\">9<\/span> When Should You Consider Moving to a VPS or Dedicated Server?<\/a><\/li><li><a href=\"#Sonuc_ve_DCHost_Uzerinde_Guvenli_Yukleme_Stratejisi\"><span class=\"toc_number toc_depth_1\">10<\/span> Conclusion and a Secure Upload Strategy on DCHost<\/a><\/li><\/ul><\/div>\n<h2><span id=\"Paylasimli_Hostingde_Dosya_Yukleme_Neden_Bu_Kadar_Riskli\">Why Is File Upload So Risky on Shared Hosting?<\/span><\/h2>\n<p>By its nature, shared hosting puts hundreds or even thousands of sites on the same physical server. Even though modern isolation technologies (CloudLinux, CageFS and the like) reduce the risk, <strong>flawed file upload logic<\/strong> is still one of the attack attempts we see most often.<\/p>\n<p>The most common risks:<\/p>\n<ul>\n<li><strong>PHP shell upload:<\/strong> If a user disguises a .php, .phtml or .php5 file behind an image extension, uploads it and the server executes it, your account can be completely taken over.<\/li>\n<li><strong>Remote code execution and file reading:<\/strong> Misconfigured upload folders can let attackers read configuration files, access logs and even jump to other sites.<\/li>\n<li><strong>Disk exhaustion and inode consumption:<\/strong> Upload forms with no effective limits, especially once spam bots find them, can fill your shared hosting account's <strong>disk quota<\/strong> and <strong>inode limit<\/strong> very quickly.<\/li>\n<\/ul>\n<p>We see the inode side of this in practice quite often; it is worth reading our <a href=\"https:\/\/www.dchost.com\/blog\/paylasimli-hostingde-inode-limitine-takilmamak-icin-uygulamali-temizlik-rehberi\/\">practical cleanup guide for staying under the inode limit on shared hosting<\/a>, where we cover it in detail.<\/p>\n<p>Reducing these risks is not a matter of <strong>a single measure<\/strong> but of a layered approach: strict settings at the PHP level, file and MIME validation in the application code, a secure folder structure and permissions on the file system, plus additional protections at the web server level.<\/p>\n<h2><span id=\"Guvenli_Dosya_Yukleme_Akisi_Nasil_Olmali\">What Should a Secure File Upload Flow Look Like?<\/span><\/h2>\n<p>Let's first pin down the ideal flow. A secure upload process should roughly consist of these steps:<\/p>\n<ol>\n<li>Verifying the user session (login) and the <strong>CSRF token<\/strong><\/li>\n<li>Checking the file's <strong>size<\/strong> (both the PHP ini limits and the application's own limit)<\/li>\n<li>Checking the file name and extension against an allow-list<\/li>\n<li><strong>MIME \/ content type validation<\/strong> (finfo_file, getimagesize, exif_imagetype and so on)<\/li>\n<li>Random renaming and moving to a secure target folder (move_uploaded_file)<\/li>\n<li>Making the upload folder <strong>not directly reachable from the web<\/strong>, or at the very least closed to executable files<\/li>\n<li>Keeping the necessary log records and reporting suspicious events<\/li>\n<\/ol>\n<h3><span id=\"Izin_verilen_dosya_turlerini_net_tanimlayin\">Define the allowed file types precisely<\/span><\/h3>\n<p>The moment you say \u201clet them upload anything\u201d, you have most likely already lost. 
Whatever you need, accept <strong>only that<\/strong>:<\/p>\n<ul>\n<li>Profile photo: jpg, jpeg, png, webp<\/li>\n<li>Document: pdf (docx and xlsx if necessary, but think hard first)<\/li>\n<\/ul>\n<p>And absolutely <strong>block<\/strong> the following extensions (an example, not a complete list):<\/p>\n<ul>\n<li>php, php3, php4, php5, php7, php8, phtml, phar<\/li>\n<li>cgi, pl, asp, aspx, jsp<\/li>\n<li>sh, bash, exe, dll, so<\/li>\n<\/ul>\n<p>An extension check alone is not enough, but it must be there as the \u201cfirst line of defence\u201d.<\/p>\n<h3><span id=\"Basit_bir_HTML_formu_ve_temel_PHP_isleyici_ornegi\">A simple HTML form and a basic PHP handler example<\/span><\/h3>\n<p>First, a fairly plain form:<\/p>\n<pre class=\"language-php line-numbers\"><code class=\"language-php\">&lt;form action=&quot;upload.php&quot; method=&quot;post&quot; enctype=&quot;multipart\/form-data&quot;&gt;\n    &lt;input type=&quot;hidden&quot; name=&quot;csrf_token&quot; value=&quot;&lt;?php echo htmlspecialchars($_SESSION['csrf_token']); ?&gt;&quot;&gt;\n    &lt;input type=&quot;file&quot; name=&quot;dosya&quot; required&gt;\n    &lt;button type=&quot;submit&quot;&gt;Y\u00fckle&lt;\/button&gt;\n&lt;\/form&gt;\n<\/code><\/pre>\n<p>Now a simple example of the <code>upload.php<\/code> file that handles this form, containing the <strong>minimum security steps<\/strong>:<\/p>\n<pre class=\"language-php line-numbers\"><code class=\"language-php\">&lt;?php\nsession_start();\n\n\/\/ 1) CSRF check\nif (!isset($_POST['csrf_token'], $_SESSION['csrf_token']) ||\n    !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {\n    die('Ge\u00e7ersiz istek');\n}\n\n\/\/ 2) Make sure the file was actually uploaded\nif (!isset($_FILES['dosya']) || $_FILES['dosya']['error'] !== UPLOAD_ERR_OK) {\n    die('Dosya y\u00fckleme hatas\u0131');\n}\n\n$dosya = $_FILES['dosya'];\n\n\/\/ 3) Maximum size (example: 2 MB)\n$maxBoyut = 2 * 1024 * 1024; \/\/ 2 MB\nif ($dosya['size'] &gt; $maxBoyut) {\n    die('Dosya \u00e7ok b\u00fcy\u00fck');\n}\n\n\/\/ 4) Extension check\n$izinliUzantilar = ['jpg', 'jpeg', 'png', 'pdf'];\n$orijinalIsim = $dosya['name'];\n$uzanti = strtolower(pathinfo($orijinalIsim, PATHINFO_EXTENSION));\n\nif (!in_array($uzanti, $izinliUzantilar, true)) {\n    die('Bu dosya t\u00fcr\u00fcne izin verilmiyor');\n}\n\n\/\/ 5) MIME check (detailed below)\n\/\/ 6) Save to a secure folder under a random name\n<\/code><\/pre>\n<p>Everything up to here is just the \u201cwarm-up\u201d. The really critical points start with the PHP settings, MIME \/ content validation and folder permissions.<\/p>\n<h2><span id=\"PHP_Ayarlariyla_Dosya_Yuklemeyi_Sikilastirmak\">Hardening File Uploads with PHP Settings<\/span><\/h2>\n<p>On shared hosting you usually cannot edit <code>php.ini<\/code> directly. On modern platforms such as DCHost, however, you can generally customise many of the important limits either with <code>php_value<\/code> in <code>.htaccess<\/code> or through the PHP selector in the control panel. 
Let's look at the critical settings directly related to upload security.<\/p>\n<h3><span id=\"upload_max_filesize_post_max_size_ve_max_file_uploads\">upload_max_filesize, post_max_size and max_file_uploads<\/span><\/h3>\n<ul>\n<li><strong>upload_max_filesize:<\/strong> The maximum size of a single file.<\/li>\n<li><strong>post_max_size:<\/strong> The total size of the entire POST body (form fields + files).<\/li>\n<li><strong>max_file_uploads:<\/strong> The maximum number of files allowed in a single request.<\/li>\n<\/ul>\n<p>If you only accept profile photos, for example, limits in the 2\u20135 MB range are far safer than needlessly high values like 50 MB. We strongly recommend reading our <a href=\"https:\/\/www.dchost.com\/blog\/php-ayarlarini-dogru-yapmak-memory_limit-max_execution_time-ve-upload_max_filesize-kac-olmali\/\">guide to getting PHP settings right<\/a>, where we cover these settings and other critical values such as <code>memory_limit<\/code> and <code>max_execution_time<\/code> in detail.<\/p>\n<p>Example <code>.htaccess<\/code> settings (if the server allows it):<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">php_value upload_max_filesize 4M\n# post_max_size covers the whole request (form fields + files), so keep it above upload_max_filesize;\n# if the POST body exceeds it, PHP discards the POST data (only a warning is logged) and $_FILES arrives empty\nphp_value post_max_size 8M\nphp_value max_file_uploads 5\n<\/code><\/pre>\n<p>These values are upper bounds. In your application code you can additionally enforce a <strong>lower limit<\/strong> (2 MB, for example).<\/p>\n<h3><span id=\"Gecici_dizin_open_basedir_ve_hata_loglari\">Temporary directory, open_basedir and error logs<\/span><\/h3>\n<p>PHP first writes the file to the temporary directory (tmp) and then moves it to the folder you specify with <code>move_uploaded_file()<\/code>. 
Two points to watch:<\/p>\n<ul>\n<li><strong>open_basedir:<\/strong> This setting restricts the directories PHP can access. On shared hosting your provider has usually already configured it securely for you. At DCHost, the isolation configuration that prevents users from reaching each other's files is enabled by default.<\/li>\n<li><strong>error_log:<\/strong> Knowing where errors are written helps a lot when diagnosing upload problems. Let us also note here our <a href=\"https:\/\/www.dchost.com\/blog\/php-hata-kayitlarini-dogru-yapilandirmak-display_errors-error_log-ve-log_level\/\">guide to configuring PHP error logging correctly<\/a>, which covers PHP log configuration in detail.<\/li>\n<\/ul>\n<p>If your error logs show, in particular:<\/p>\n<ul>\n<li>upload errors (UPLOAD_ERR_*)<\/li>\n<li>messages like \u201cExceeded filesize limit\u201d<\/li>\n<li>unexpected MIME types or corrupt-file errors<\/li>\n<\/ul>\n<p>then you need to revisit your settings, for the sake of both security and usability.<\/p>\n<h2><span id=\"MIME_Turu_ve_Icerik_Dogrulama_Sadece_Uzantiya_Guvenmeyin\">MIME Type and Content Validation: Do Not Trust the Extension Alone<\/span><\/h2>\n<p>An extension check is necessary but never sufficient. 
Renaming <code>shell.php<\/code> to \u201c<code>shell.php.jpg<\/code>\u201d, uploading it and then trying to get it executed by exploiting a weak web server configuration is one of the classic attacker tricks.<\/p>\n<p>That is why you must check both the <strong>file name\/extension<\/strong> and the <strong>file's actual content<\/strong>.<\/p>\n<h3><span id=\"finfo_file_ile_sunucu_tarafli_MIME_kontrolu\">Server-side MIME checks with finfo_file<\/span><\/h3>\n<p>PHP's <code>fileinfo<\/code> extension tries to determine a file's real type from its header (magic bytes). An example check:<\/p>\n<pre class=\"language-php line-numbers\"><code class=\"language-php\">&lt;?php\n$izinliMime = [\n    'image\/jpeg',\n    'image\/png',\n    'application\/pdf',\n];\n\n\/\/ Read the real type from the file's magic bytes, not from the client-supplied name or type\n$finfo = new finfo(FILEINFO_MIME_TYPE);\n$gercekMime = $finfo-&gt;file($dosya['tmp_name']);\n\nif (!in_array($gercekMime, $izinliMime, true)) {\n    die('Ge\u00e7ersiz dosya format\u0131');\n}\n<\/code><\/pre>\n<p>One point to note: the <code>$_FILES['dosya']['type']<\/code> field sent by the browser is <strong>not trustworthy<\/strong>; do not use it. 
Always analyse on the server side with <code>finfo_file<\/code> or similar functions. It is also worth cross-checking the two results: a file that passes the extension check as .pdf but is detected as image\/png should still be rejected, because the two allow-lists are meant to agree.<\/p>\n<h3><span id=\"Gorseller_icin_ek_kontroller_getimagesize_exif_imagetype\">Extra checks for images (getimagesize, exif_imagetype)<\/span><\/h3>\n<p>If you have an upload field that only accepts <strong>images<\/strong>, it makes sense, for extra safety, to:<\/p>\n<ul>\n<li>read the image's dimensions and type with <code>getimagesize()<\/code>,<\/li>\n<li>make sure it really is an image with <code>exif_imagetype()<\/code>.<\/li>\n<\/ul>\n<p>For example:<\/p>\n<pre class=\"language-php line-numbers\"><code class=\"language-php\">&lt;?php\n\/\/ getimagesize() returns false when the file is not a recognised image format\n$bilgi = @getimagesize($dosya['tmp_name']);\nif ($bilgi === false) {\n    die('Ge\u00e7erli bir resim dosyas\u0131 de\u011fil');\n}\n\n$genislik  = $bilgi[0];\n$yukseklik = $bilgi[1];\n\nif ($genislik &gt; 2000 || $yukseklik &gt; 2000) {\n    die('Resim boyutu \u00e7ok b\u00fcy\u00fck');\n}\n<\/code><\/pre>\n<p>Checks like these filter out a large share of corrupt or payload-carrying so-called \u201cimage\u201d files.<\/p>\n<h2><span id=\"Klasor_Yapisi_ve_Izinleri_777den_Uzak_Durun\">Folder Structure and Permissions: Stay Away from 777<\/span><\/h2>\n<p>The most critical yet most neglected part of upload security is the <strong>location on the file system<\/strong> and the <strong>permissions<\/strong>. 
Giving the upload folder 777 on shared hosting \u201cjust so it works, however it works\u201d is an open invitation to attackers.<\/p>\n<h3><span id=\"Upload_klasorunu_web_kokunun_disina_tasiyin\">Move the upload folder outside the web root<\/span><\/h3>\n<p>The safest setup keeps uploaded files in a directory that is <strong>not directly reachable from the web<\/strong>. In a cPanel-style layout, for example:<\/p>\n<ul>\n<li>Web root: <code>\/home\/kullanici\/public_html<\/code><\/li>\n<li>Upload folder: <code>\/home\/kullanici\/uploads<\/code> (outside public_html)<\/li>\n<\/ul>\n<p>In that case you serve files to the user by \u201cproxying\u201d them through a PHP script:<\/p>\n<pre class=\"language-php line-numbers\"><code class=\"language-php\">&lt;?php\n\/\/ dosya_indir.php\n\n\/\/ Authorization check, login, etc.\n\n\/\/ $kaydedilenDosyaAdi is the random name you stored at upload time (looked up from your own records,\n\/\/ never taken raw from the URL). basename() strips any directory component, so a value containing\n\/\/ ..\/ cannot escape the upload folder.\n$uploadDizini = '\/home\/kullanici\/uploads\/';\n$dosyaYolu    = $uploadDizini . basename($kaydedilenDosyaAdi);\n\nif (!is_file($dosyaYolu)) {\n    http_response_code(404);\n    exit('Bulunamad\u0131');\n}\n\n\/\/ Set the content type (from a safe whitelist); nosniff stops the browser from second-guessing it\nheader('Content-Type: application\/octet-stream');\nheader('X-Content-Type-Options: nosniff');\nheader('Content-Disposition: attachment; filename=&quot;indirme.pdf&quot;');\nheader('Content-Length: ' . filesize($dosyaYolu));\nreadfile($dosyaYolu);\n<\/code><\/pre>\n<p>This way the file can never be requested directly by URL; it always passes through your control.<\/p>\n<h3><span id=\"Mecbursaniz_public_html_icinde_htaccess_ile_erisimi_kisitlayin\">If you must stay inside public_html, restrict access with .htaccess<\/span><\/h3>\n<p>With some off-the-shelf scripts or restricted configurations, moving the upload folder outside the web root can be difficult. In that case, <strong>blocking script execution<\/strong> inside that folder with .htaccess is at least a critical step:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># uploads\/.htaccess\n\nOptions -Indexes\n# The dot is escaped so it matches a literal dot; the (\\.|$) tail also catches names like\n# shell.php.jpg, which some handler configurations would still execute\n&lt;FilesMatch &quot;\\.(php|php3|php4|php5|php7|php8|phtml|phar)(\\.|$)&quot;&gt;\n    # Apache 2.2 syntax; on Apache 2.4 use: Require all denied\n    Deny from all\n&lt;\/FilesMatch&gt;\n<\/code><\/pre>\n<p>These settings are an example for Apache-based systems. They work the same way on compatible servers such as LiteSpeed. 
If you use Nginx, you need to disable PHP extensions in the relevant <code>location<\/code> block.<\/p>\n<h3><span id=\"Dogru_dosya_izinleri_644_755_ve_asla_777_degil\">Correct file permissions: 644, 755 and never 777<\/span><\/h3>\n<p>We covered file and folder permissions in detail in our <a href=\"https:\/\/www.dchost.com\/blog\/linux-dosya-izinleri-644-755-777-paylasimli-hosting-ve-vps-icin-guvenli-ayarlar\/\">Linux file permissions 644, 755, 777 guide<\/a>; here is a summary specific to uploads:<\/p>\n<ul>\n<li><strong>Folders<\/strong>: <code>755<\/code> is usually enough (owner: read, write and execute; others: read and execute).<\/li>\n<li><strong>Files<\/strong>: <code>644<\/code> is ideal in most scenarios (owner: read and write; others: read).<\/li>\n<li><strong>777<\/strong>: Grants write access to everyone and therefore carries a <strong>very serious security risk<\/strong>; avoid it.<\/li>\n<\/ul>\n<p>Because files and folders on shared hosting usually run under the same user or group as the web server, 755\/644 permissions both \u201cwork\u201d and provide a reasonable level of security. If you keep finding that you need 777, it is better to identify the real problem (ownership, the PHP-FPM user setting and so on).<\/p>\n<h2><span id=\"Paylasimli_Hostinge_Ozel_Ek_Onlemler\">Additional Measures Specific to Shared Hosting<\/span><\/h2>\n<p>On shared hosting, attackers usually try to exploit a single vulnerability at scale: they send the same payload with automated bots to hundreds of sites running the same software. File upload forms are a popular target of these automated attacks.<\/p>\n<h3><span id=\"Oran_sinirlama_CAPTCHA_ve_oturum_kontrolleri\">Rate limiting, CAPTCHA and session checks<\/span><\/h3>\n<p>The following measures are especially important:<\/p>\n<ul>\n<li><strong>Require login:<\/strong> Where possible, open file upload only to logged-in users.<\/li>\n<li><strong>reCAPTCHA \/ honeypot:<\/strong> Makes it harder for automated bots to fill in the form. 
For a more general view of this topic, see our <a href=\"https:\/\/www.dchost.com\/blog\/iletisim-formu-spamini-azaltmak-paylasimli-hostingde-recaptcha-honeypot-ve-mail-sunucusu-ayarlari\/\">guide to reducing contact form spam<\/a>.<\/li>\n<li><strong>Rate limiting:<\/strong> Limit the number of uploads a single IP or user can make per unit of time.<\/li>\n<\/ul>\n<p>These may not look like PHP upload security in the strict sense, but in practice they are among the defence layers that help you most.<\/p>\n<h3><span id=\"Log_tutma_izleme_ve_supheli_dosyalari_temizleme\">Logging, monitoring and cleaning up suspicious files<\/span><\/h3>\n<p>However well you design things, mistakes happen in practice and new attack techniques emerge. Therefore:<\/p>\n<ul>\n<li>Record every upload (user, IP, file name, size, MIME type) in a simple table or log file.<\/li>\n<li>Detect anomalies such as file types you would not normally expect, unusually large sizes, or many files arriving from the same IP in a short time.<\/li>\n<li>In suspicious cases, disable the files involved, lock the account, or at least flag it for manual review.<\/li>\n<\/ul>\n<p>If you think your site has previously been compromised through an upload, our <a href=\"https:\/\/www.dchost.com\/blog\/hacked-php-sitelerini-temizleme-rehberi-backdoor-tespiti-tarama-ve-guvenli-tasima\/\">guide to cleaning hacked PHP sites<\/a> gives you a solid roadmap.<\/p>\n<h2><span id=\"WordPress_ve_Hazir_Scriptlerde_Dosya_Yukleme_Guvenligi\">File Upload Security in WordPress and Off-the-Shelf Scripts<\/span><\/h2>\n<p>Most WordPress sites, forums and off-the-shelf CRM\/helpdesk scripts bring their own upload logic with them. Saying \u201cI already use a popular system, I don't need to think about it\u201d is unfortunately not realistic.<\/p>\n<ul>\n<li>Know which upload endpoints your themes and plugins expose.<\/li>\n<li>Allow as few plugins as possible to upload files.<\/li>\n<li>Apply updates regularly; security patches related to uploads are released frequently.<\/li>\n<li>Use a WAF (Web Application Firewall) and security plugins for additional protection.<\/li>\n<\/ul>\n<p>If you use WordPress, we describe the additional measures you can take in a shared hosting environment in detail in our <a href=\"https:\/\/www.dchost.com\/blog\/paylasimli-hostingde-wordpress-guvenligi-eklentiler-waf-2fa-ve-yedekler\/\">WordPress security on shared hosting<\/a> post. Combined with file permissions, a WAF, 2FA and backup strategies, your upload surface becomes far more secure.<\/p>\n<h2><span id=\"HTTP_Guvenlik_Basliklari_ve_Tarayici_Tarafi_Koruma\">HTTP Security Headers and Browser-Side Protection<\/span><\/h2>\n<p>Although file upload is not directly about HTTP security headers, you can influence how downloaded files are handled in the browser. 
For example:<\/p>\n<ul>\n<li>By setting the <strong>Content-Type<\/strong> header correctly, you control whether the file is \u201cdownloaded\u201d or \u201cdisplayed in the browser\u201d.<\/li>\n<li>With <strong>Content-Disposition: attachment<\/strong> you can make PDFs, for example, open as a download rather than inside the browser.<\/li>\n<li><strong>X-Content-Type-Options: nosniff<\/strong> stops the browser from trying to guess the content type.<\/li>\n<\/ul>\n<p>You can find a comprehensive treatment of HTTP headers in our <a href=\"https:\/\/www.dchost.com\/blog\/http-guvenlik-basliklari-rehberi-hsts-csp-x-frame-options-ve-referrer-policy-dogru-nasil-kurulur\/\">HTTP security headers guide<\/a>. <code>X-Content-Type-Options<\/code> and <code>Content-Security-Policy<\/code> in particular matter for making it harder for malicious content to be executed in the browser.<\/p>\n<h2><span id=\"Ne_Zaman_VPS_veya_Dedicated_Sunucuya_Gecmeyi_Dusunmelisiniz\">When Should You Consider Moving to a VPS or Dedicated Server?<\/span><\/h2>\n<p>Used correctly, shared hosting is an extremely economical and practical solution. But as your upload volume and security expectations grow, so does your need for more control. 
In the following situations a <strong>VPS<\/strong> or <strong>dedicated server<\/strong> at DCHost is worth considering:<\/p>\n<ul>\n<li>You let a large number of users upload files (a customer portal, a training platform, a file sharing service).<\/li>\n<li>You process uploaded files in the background (image compression, video conversion and the like).<\/li>\n<li>You want to fine-tune the web server and PHP configuration: Nginx\/Apache rules, separate PHP-FPM pools per application, custom security modules.<\/li>\n<li>Your upload traffic and storage needs are pushing against the limits of classic shared hosting.<\/li>\n<\/ul>\n<p>With <strong>VPS<\/strong>, <strong>dedicated server<\/strong> and <strong>colocation<\/strong> services, DCHost can help you move upload-heavy applications onto isolated, scalable infrastructure. Upload security can then be tightened not only in application code but also at the network, firewall, WAF and file system levels, as far as you want to take it.<\/p>\n<h2><span id=\"Sonuc_ve_DCHost_Uzerinde_Guvenli_Yukleme_Stratejisi\">Conclusion and a Secure Upload Strategy on DCHost<\/span><\/h2>\n<p>Securing file upload forms on shared hosting is not something a single \u201cmagic setting\u201d can solve. 
<strong>PHP settings<\/strong>, <strong>MIME \/ content validation<\/strong> and <strong>folder permissions<\/strong> together, with session checks, CAPTCHA, rate limiting and logging layered on top, give you a genuinely satisfactory level of security.<\/p>\n<p>In summary:<\/p>\n<ul>\n<li>Define the allowed file types precisely and check the extension and the content-derived MIME type together; the type the client sends in the request is not evidence of anything.<\/li>\n<li>Restrict <code>upload_max_filesize<\/code> and <code>post_max_size<\/code> to what you actually need and avoid needlessly huge limits (keep <code>post_max_size<\/code> at or above <code>upload_max_filesize<\/code>, otherwise oversized posts simply arrive with an empty <code>$_FILES<\/code>).<\/li>\n<li>Move the upload folder outside the web root where possible; if you cannot, block script execution in it with .htaccess.<\/li>\n<li>Stay on the 755 (directories) \/ 644 (files) line for permissions and take 777 off the table entirely.<\/li>\n<li>Log every upload attempt so that suspicious activity can be detected.<\/li>\n<\/ul>\n<p>If you are not sure about upload security on your current site, or you want to get the architecture right while planning a new project, the DCHost team can design the most suitable strategy with you on both shared hosting and VPS \/ dedicated solutions. 
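<\/p>\n<p>The summary checklist carried through as a single upload handler, as an added example rather than the post\u2019s own code. Paths such as <code>\/home\/user\/private_uploads<\/code>, the 2 MiB cap, the <code>document<\/code> field name and the set of allowed types are assumptions to adjust for your own site.<\/p>

```php
<?php
// Added example, not the post's own handler: the summary checklist carried through
// as one upload flow. Hypothetical assumptions: the web root is /home/user/public_html,
// the private upload directory /home/user/private_uploads exists with mode 0755 and is
// owned by the hosting account user, and the log file lives beside it outside the web root.
declare(strict_types=1);

const UPLOAD_DIR = '/home/user/private_uploads';
const LOG_FILE   = '/home/user/private_uploads/upload.log';
// Application-level size cap. Keep upload_max_filesize and post_max_size in .user.ini
// (or php.ini) only slightly above this value; post_max_size must be >= upload_max_filesize.
const MAX_BYTES  = 2 * 1024 * 1024;

// Allowed extension => MIME type that must be found in the file CONTENT.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'pdf'  => 'application/pdf',
];

function logUpload(string $outcome, string $detail): void
{
    // One line per attempt so rejected uploads from one IP are easy to grep for.
    $line = implode(' | ', [date('c'), $_SERVER['REMOTE_ADDR'] ?? '-', $outcome, $detail]) . PHP_EOL;
    file_put_contents(LOG_FILE, $line, FILE_APPEND | LOCK_EX);
}

// Returns [accepted, reason, extension].
function validateUpload(array $file): array
{
    $code = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($code !== UPLOAD_ERR_OK) {
        return [false, 'upload error code ' . $code, ''];
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'not a file uploaded via HTTP POST', ''];
    }
    if ($file['size'] > MAX_BYTES) {
        return [false, 'larger than ' . MAX_BYTES . ' bytes', ''];
    }

    // 1. Extension: only the LAST one counts, lower-cased, so shell.php.jpg is judged
    //    as jpg here and then by its real content below.
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return [false, 'extension not allowed: ' . $ext, $ext];
    }

    // 2. MIME type read from the bytes with finfo. $file['type'] is set by the client
    //    and is ignored on purpose.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        return [false, 'content is ' . $mime . ', not ' . ALLOWED[$ext], $ext];
    }

    // 3. Images must additionally decode: rejects polyglots that only carry a magic header.
    if (strncmp($mime, 'image/', 6) === 0 && @getimagesize($file['tmp_name']) === false) {
        return [false, 'image does not decode', $ext];
    }
    return [true, 'ok', $ext];
}

// Stores the file and returns its random on-disk name, or null when rejected.
function storeUpload(array $file): ?string
{
    [$ok, $reason, $ext] = validateUpload($file);
    $original = basename((string) ($file['name'] ?? ''));
    if (!$ok) {
        logUpload('REJECT', $reason . ' (' . $original . ')');
        return null;
    }

    // Random server-side name: the user-supplied filename never reaches the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        logUpload('ERROR', 'move_uploaded_file failed for ' . $original);
        return null;
    }
    chmod($dest, 0644); // 644 for files, 755 for the directory; never 777

    logUpload('ACCEPT', $stored . ' (' . $original . ', ' . ALLOWED[$ext] . ')');
    return $stored; // persist with $original and the MIME type for later downloads
}

// Usage for a form field <input type=file name=document>.
if (isset($_FILES['document'])) {
    $stored = storeUpload($_FILES['document']);
    http_response_code($stored === null ? 400 : 200);
    echo $stored === null ? 'Upload rejected' : 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}
```

<p>If the hosting plan forces the upload directory under the web root, keep the same handler and add the .htaccess rule from the summary that blocks script execution there; the random name plus the content check then still denies an attacker a reachable <code>.php<\/code> file. The one log line per attempt is what lets you notice a burst of rejected polyglot images from a single IP before anything else does.<\/p>\n<p>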
When your needs grow, our <a href=\"https:\/\/www.dchost.com\/blog\/paylasimli-hostingden-vpse-sorunsuz-gecis-rehberi\/\">guide to a smooth migration from shared hosting to a VPS<\/a>, which explains how to move from shared hosting to a DCHost VPS without disruption, is a good companion for the next stage.<\/p>\n<p>A properly designed upload flow works without degrading the user experience and lets you pass security audits with flying colours. On your next project, don\u2019t leave file upload for the \u201clast minute\u201d; make it part of the game from the first days of architectural design.<\/p>\n<\/div>","protected":false,"excerpt":{"rendered":"<p>The moment you let visitors upload files to a PHP application running on shared hosting, you have seriously widened your site\u2019s attack surface. A profile photo, an invoice PDF, a CV or a support ticket attachment\u2026 whatever the scenario, every file that comes from a user is a potential attack vector. 
Especially in shared hosting environments, where multiple accounts share the same physical server, a small security [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4002,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-4001","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4001","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=4001"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4001\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/4002"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=4001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=4001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=4001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}