{"id":4776,"date":"2026-02-08T16:22:28","date_gmt":"2026-02-08T13:22:28","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/subdomain-takeover-ve-bosta-kalan-dns-kayitlari-alan-adi-guvenligi-marka-ve-seo-riskleri\/"},"modified":"2026-02-08T16:22:28","modified_gmt":"2026-02-08T13:22:28","slug":"subdomain-takeover-ve-bosta-kalan-dns-kayitlari-alan-adi-guvenligi-marka-ve-seo-riskleri","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/subdomain-takeover-ve-bosta-kalan-dns-kayitlari-alan-adi-guvenligi-marka-ve-seo-riskleri\/","title":{"rendered":"Subdomain Takeover and Dangling DNS Records: Domain Security, Brand and SEO Risks"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#Subdomain_Takeover_ve_Bosta_Kalan_DNS_Kayitlari_Neden_Bu_Kadar_Kritik\"><span class=\"toc_number toc_depth_1\">1<\/span> Why Are Subdomain Takeover and Dangling DNS Records So Critical?<\/a><\/li><li><a href=\"#Subdomain_Takeover_Nedir\"><span class=\"toc_number toc_depth_1\">2<\/span> What Is Subdomain Takeover?<\/a><\/li><li><a href=\"#Bosta_Kalan_Dangling_DNS_Kayitlari_Nasil_Olusur\"><span class=\"toc_number toc_depth_1\">3<\/span> How Do Dangling DNS Records Arise?<\/a><ul><li><a href=\"#1_Gecici_Projeler_ve_Kampanyalar\"><span class=\"toc_number toc_depth_2\">3.1<\/span> 1. Temporary Projects and Campaigns<\/a><\/li><li><a href=\"#2_Staging_ve_Test_Ortamlari\"><span class=\"toc_number toc_depth_2\">3.2<\/span> 2. Staging and Test Environments<\/a><\/li><li><a href=\"#3_Ucuncu_Parti_SaaS_Entegrasyonlari\"><span class=\"toc_number toc_depth_2\">3.3<\/span> 3. 
Third-Party SaaS Integrations<\/a><\/li><li><a href=\"#4_Bulut_VPS_Gecisleri_ve_IP_Degisiklikleri\"><span class=\"toc_number toc_depth_2\">3.4<\/span> 4. Cloud \/ VPS Migrations and IP Changes<\/a><\/li><li><a href=\"#5_Yetkisiz_veya_Unutulmus_NS_Delege_Edilmeleri\"><span class=\"toc_number toc_depth_2\">3.5<\/span> 5. Unauthorized or Forgotten NS Delegations<\/a><\/li><\/ul><\/li><li><a href=\"#Subdomain_Takeoverin_Guvenlik_Riskleri\"><span class=\"toc_number toc_depth_1\">4<\/span> Security Risks of Subdomain Takeover<\/a><ul><li><a href=\"#1_Phishing_ve_Kimlik_Avi_Saldirilari\"><span class=\"toc_number toc_depth_2\">4.1<\/span> 1. Phishing Attacks<\/a><\/li><li><a href=\"#2_Zararli_Yazilim_ve_Exploit_Yayini\"><span class=\"toc_number toc_depth_2\">4.2<\/span> 2. Malware and Exploit Distribution<\/a><\/li><li><a href=\"#3_Oturum_Session_ve_Cerez_Guvenligi\"><span class=\"toc_number toc_depth_2\">4.3<\/span> 3. Session and Cookie Security<\/a><\/li><li><a href=\"#4_OAuth_Redirect_URI_ve_Call-back_Istismarlari\"><span class=\"toc_number toc_depth_2\">4.4<\/span> 4. OAuth Redirect URI and Callback Abuse<\/a><\/li><\/ul><\/li><li><a href=\"#Marka_Itibar_ve_Hukuki_Riskler\"><span class=\"toc_number toc_depth_1\">5<\/span> Brand, Reputation and Legal Risks<\/a><\/li><li><a href=\"#SEO_ve_Organik_Trafik_Uzerindeki_Etkiler\"><span class=\"toc_number toc_depth_1\">6<\/span> Effects on SEO and Organic Traffic<\/a><ul><li><a href=\"#1_Spam_Icerik_ve_Manuel_Islemler\"><span class=\"toc_number toc_depth_2\">6.1<\/span> 1. Spam Content and Manual Actions<\/a><\/li><li><a href=\"#2_Link_Profili_Kirliligi\"><span class=\"toc_number toc_depth_2\">6.2<\/span> 2. 
Link Profile Pollution<\/a><\/li><li><a href=\"#3_Site_Haritalari_Canonical_ve_Ic_Linkleme\"><span class=\"toc_number toc_depth_2\">6.3<\/span> 3. Sitemaps, Canonicals and Internal Linking<\/a><\/li><li><a href=\"#4_Guvenlik_Uyarilari_ve_Tiklama_Oranlari\"><span class=\"toc_number toc_depth_2\">6.4<\/span> 4. Security Warnings and Click-Through Rates<\/a><\/li><\/ul><\/li><li><a href=\"#Gercekci_Senaryolar_Ajans_SaaS_ve_Kurumsal_Yapilar\"><span class=\"toc_number toc_depth_1\">7<\/span> Realistic Scenarios: Agencies, SaaS and Enterprise Environments<\/a><ul><li><a href=\"#Senaryo_1_Kampanya_Subdomaini_Unutan_Ajans\"><span class=\"toc_number toc_depth_2\">7.1<\/span> Scenario 1: The Agency That Forgot a Campaign Subdomain<\/a><\/li><li><a href=\"#Senaryo_2_SaaS_Uygulamasinda_Musteri_Alt_Alan_Adlari\"><span class=\"toc_number toc_depth_2\">7.2<\/span> Scenario 2: Customer Subdomains in a SaaS Application<\/a><\/li><li><a href=\"#Senaryo_3_Kurumsal_ITde_Staging_Ortamlarinin_Temizlenmemesi\"><span class=\"toc_number toc_depth_2\">7.3<\/span> Scenario 3: Staging Environments Left Uncleaned in Enterprise IT<\/a><\/li><\/ul><\/li><li><a href=\"#Riskleri_Azaltmak_Icin_Teknik_ve_Operasyonel_Stratejiler\"><span class=\"toc_number toc_depth_1\">8<\/span> Technical and Operational Strategies to Reduce the Risks<\/a><ul><li><a href=\"#1_DNS_Envanteri_ve_Etiketleme\"><span class=\"toc_number toc_depth_2\">8.1<\/span> 1. DNS Inventory and Tagging<\/a><\/li><li><a href=\"#2_Yasam_Dongusu_Lifecycle_ve_Otomatik_Temizlik\"><span class=\"toc_number toc_depth_2\">8.2<\/span> 2. Lifecycle and Automated Cleanup<\/a><\/li><li><a href=\"#3_Duzenli_Tarama_Bosta_Kalan_Kayit_Avi\"><span class=\"toc_number toc_depth_2\">8.3<\/span> 3. 
Regular Scanning: Hunting for Dangling Records<\/a><\/li><li><a href=\"#4_TTL_Stratejisi_ve_Hizli_Mudahale\"><span class=\"toc_number toc_depth_2\">8.4<\/span> 4. TTL Strategy and Rapid Response<\/a><\/li><li><a href=\"#5_Erisim_Yetkileri_ve_Is_Akislari\"><span class=\"toc_number toc_depth_2\">8.5<\/span> 5. Access Permissions and Workflows<\/a><\/li><li><a href=\"#6_Alan_Adi_Guvenligini_Tamamlayici_Onlemler\"><span class=\"toc_number toc_depth_2\">8.6<\/span> 6. Complementary Domain Security Measures<\/a><\/li><\/ul><\/li><li><a href=\"#DCHost_Tarafinda_Nasil_Yaklasiyoruz\"><span class=\"toc_number toc_depth_1\">9<\/span> How Do We Approach This at DCHost?<\/a><\/li><li><a href=\"#Adim_Adim_Kontrol_Listesi_Subdomain_Takeover_Riskini_Hizlica_Tarayin\"><span class=\"toc_number toc_depth_1\">10<\/span> Step-by-Step Checklist: Quickly Scan for Subdomain Takeover Risk<\/a><\/li><li><a href=\"#Sonuc_Alan_Adinizi_Korumak_Trafiginizi_ve_Markanizi_Korumaktir\"><span class=\"toc_number toc_depth_1\">11<\/span> Conclusion: Protecting Your Domain Means Protecting Your Traffic and Your Brand<\/a><\/li><\/ul><\/div>\n<h2><span id=\"Subdomain_Takeover_ve_Bosta_Kalan_DNS_Kayitlari_Neden_Bu_Kadar_Kritik\">Why Are Subdomain Takeover and Dangling DNS Records So Critical?<\/span><\/h2>\n<p>Imagine that a small oversight on the DNS side lets attackers publish a website directly under your brand\u2019s domain name. Your server has not been hacked and your panel password has not been stolen; a single DNS record that was not cleaned up in time has put one of your subdomains entirely under someone else\u2019s control. 
This is exactly what <strong>subdomain takeover<\/strong> describes, and in recent years it has become one of the most discussed risks in both the security and SEO worlds.<\/p>\n<p>At DCHost, planning meetings for new projects no longer cover only CPU, RAM and traffic estimates; we also discuss which subdomain will live where and for how long, the lifecycle of its DNS records, and possible takeover risks. Especially for agencies, SaaS projects, campaign sites and enterprises with many subdomains, dangling DNS records create a serious attack surface for <strong>domain security, brand reputation and organic traffic<\/strong>.<\/p>\n<p>In this article we explain step by step what subdomain takeover is, how dangling DNS records come about, their real impact on brand and SEO, and the practical prevention strategies we have adopted at DCHost.<\/p>\n<h2><span id=\"Subdomain_Takeover_Nedir\">What Is Subdomain Takeover?<\/span><\/h2>\n<p><strong>Subdomain takeover<\/strong> means that the DNS records of one of your subdomains (for example <code>blog.ornek.com<\/code>) still exist in your zone file, but the infrastructure they point to is no longer under your control, and attackers use that gap to take over the subdomain.<\/p>\n<p>The classic scenario unfolds like this:<\/p>\n<ul>\n<li>At the start of a project, you create a CNAME \/ A record for <code>kampanya2024.ornek.com<\/code> pointing to a third-party service or a temporary server.<\/li>\n<li>The campaign ends, and you delete the server or close the SaaS account.<\/li>\n<li>But you forget the DNS record, so the subdomain still points to that service or IP address.<\/li>\n<li>An attacker can create a new resource with the same name on that service, or publish their own content using the abandoned IP range.<\/li>\n<li>The result: <code>kampanya2024.ornek.com<\/code> becomes a site that is fully managed by the attacker but appears under your domain name.<\/li>\n<\/ul>\n<p>The critical point here is that <strong>the parent domain still belongs to you<\/strong>. Users perceive the subdomain as part of your brand. Your domain name appears in the browser address bar; your SSL certificate may have been renewed; HSTS and your other security headers may even be active. Even so, the content comes from a source you do not control and the attacker manages.<\/p>\n<h2><span id=\"Bosta_Kalan_Dangling_DNS_Kayitlari_Nasil_Olusur\">How Do Dangling DNS Records Arise?<\/span><\/h2>\n<p>The root cause of subdomain takeover is what the technical literature calls <strong>dangling DNS records<\/strong> (in Turkish, <strong>bo\u015fta kalan DNS kay\u0131tlar\u0131<\/strong>). 
That is, records that still exist in DNS but whose target you no longer control.<\/p>\n<p>These records arise in many ways:<\/p>\n<h3><span id=\"1_Gecici_Projeler_ve_Kampanyalar\">1. Temporary Projects and Campaigns<\/span><\/h3>\n<ul>\n<li>Short-lived subdomains opened for a campaign or launch, such as <code>kampanya.ornek.com<\/code> and <code>blackfriday.ornek.com<\/code>.<\/li>\n<li>When the campaign ends, the server or third-party service is shut down, but the DNS records are not deleted.<\/li>\n<\/ul>\n<h3><span id=\"2_Staging_ve_Test_Ortamlari\">2. Staging and Test Environments<\/span><\/h3>\n<ul>\n<li>Environments such as <code>staging.ornek.com<\/code>, <code>test.ornek.com<\/code> and <code>dev.ornek.com<\/code> change servers frequently.<\/li>\n<li>When old <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a> instances or <a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated servers<\/a> are shut down, no cleanup is done on the DNS side.<\/li>\n<\/ul>\n<h3><span id=\"3_Ucuncu_Parti_SaaS_Entegrasyonlari\">3. Third-Party SaaS Integrations<\/span><\/h3>\n<ul>\n<li>A subdomain is pointed via CNAME at SaaS products for email marketing, landing pages, helpdesk, static sites and the like.<\/li>\n<li>When the subscription is cancelled, the resource on the SaaS side is deleted but the DNS record remains.<\/li>\n<\/ul>\n<h3><span id=\"4_Bulut_VPS_Gecisleri_ve_IP_Degisiklikleri\">4. 
Cloud \/ VPS Migrations and IP Changes<\/span><\/h3>\n<ul>\n<li>When changing IPs for a server migration or to save on IPv4 addresses, A\/AAAA records defined for the old IP are left behind.<\/li>\n<li>The IP block no longer belongs to you; once it is allocated to someone else, a different site served from it starts to appear.<\/li>\n<\/ul>\n<h3><span id=\"5_Yetkisiz_veya_Unutulmus_NS_Delege_Edilmeleri\">5. Unauthorized or Forgotten NS Delegations<\/span><\/h3>\n<ul>\n<li>In some large projects a separate zone is delegated for <code>cdn.ornek.com<\/code> or <code>app.ornek.com<\/code>.<\/li>\n<li>The nameservers managing that child zone change or shut down, but the NS records are not updated.<\/li>\n<\/ul>\n<p>To understand dangling records, it is important to first be clear on the basic DNS record types. If you are new to DNS, <a href='https:\/\/www.dchost.com\/blog\/dns-kayitlari-nedir-a-aaaa-cname-mx-txt-ve-srv-rehberi\/'>our detailed guide to DNS record types (A, CNAME, MX, TXT, etc.)<\/a> provides a good foundation. 
We have also compiled the mistakes we see most often in the field in <a href='https:\/\/www.dchost.com\/blog\/en-sik-yapilan-dns-hatalari-web-sitesi-ve-e-postayi-ucurmadan-once-kontrol-etmeniz-gereken-10-kayit\/'>our list of the most common DNS mistakes<\/a>; many of the errors that create subdomain takeover risk appear there one-to-one.<\/p>\n<h2><span id=\"Subdomain_Takeoverin_Guvenlik_Riskleri\">Security Risks of Subdomain Takeover<\/span><\/h2>\n<p>A subdomain takeover is usually reported as a <strong>security vulnerability<\/strong>, because the attacker gains not just a domain name but many other attack vectors as well.<\/p>\n<h3><span id=\"1_Phishing_ve_Kimlik_Avi_Saldirilari\">1. Phishing Attacks<\/span><\/h3>\n<p>Attackers can use your brand\u2019s domain name to publish fake login pages, payment forms or support panels. Users trust what they see because your domain name is in the browser, which can lead to:<\/p>\n<ul>\n<li>Theft of user passwords,<\/li>\n<li>Capture of credit card details,<\/li>\n<li>Takeover of customer accounts.<\/li>\n<\/ul>\n<p>Especially for banking, e-commerce and SaaS projects, this risk has direct financial and legal consequences.<\/p>\n<h3><span id=\"2_Zararli_Yazilim_ve_Exploit_Yayini\">2. 
Malware and Exploit Distribution<\/span><\/h3>\n<p>An attacker can distribute malware under the hijacked subdomain, host browser exploits, or redirect users to other sites through ad networks. In that case:<\/p>\n<ul>\n<li>Antivirus and security software may blacklist your domain,<\/li>\n<li>Browsers may start showing warnings for your site,<\/li>\n<li>Corporate networks may block your domain entirely.<\/li>\n<\/ul>\n<h3><span id=\"3_Oturum_Session_ve_Cerez_Guvenligi\">3. Session and Cookie Security<\/span><\/h3>\n<p>Many applications set the cookie domain to <code>.ornek.com<\/code>, so that it <strong>spans the entire domain<\/strong>. In that case, a hijacked subdomain can create the following risks:<\/p>\n<ul>\n<li>Cookies in the browser being read via JavaScript (if the appropriate flags are not set),<\/li>\n<li>Session cookies being stolen and user sessions hijacked,<\/li>\n<li>CSRF or XSS chains becoming easier.<\/li>\n<\/ul>\n<p>At this point, correctly configuring HTTP security headers (CSP, HSTS, X-Frame-Options, etc.) is also critical. 
As we detailed earlier in <a href='https:\/\/www.dchost.com\/blog\/http-guvenlik-basliklari-rehberi-shared-hosting-ve-vpste-csp-hsts-x-frame-options-ve-digerleri-nasil-ayarlanir\/'>our HTTP security headers guide<\/a>, if your security headers and your domain policy are not aligned, a taken-over subdomain can be used to bypass all of these defenses.<\/p>\n<h3><span id=\"4_OAuth_Redirect_URI_ve_Call-back_Istismarlari\">4. OAuth Redirect URI and Callback Abuse<\/span><\/h3>\n<p>In many OAuth \/ SSO integrations, <code>redirect_uri<\/code> or similar callback addresses are defined as subdomains. If such a subdomain is open to takeover, the attacker can:<\/p>\n<ul>\n<li>Capture OAuth tokens,<\/li>\n<li>Redirect the user, while logged in, to a different account,<\/li>\n<li>Abuse your third-party integrations.<\/li>\n<\/ul>\n<h2><span id=\"Marka_Itibar_ve_Hukuki_Riskler\">Brand, Reputation and Legal Risks<\/span><\/h2>\n<p>From a technical standpoint a takeover may look like \u201cjust a DNS mistake\u201d, but at the management level the picture is far more serious:<\/p>\n<ul>\n<li><strong>Brand reputation is damaged:<\/strong> What matters to users is not who owns the subdomain but whose parent domain it is. 
A visitor who has a bad experience once may not come back.<\/li>\n<li><strong>Legal liability may arise:<\/strong> If an attacker commits fraud through your domain, affected users will turn to your brand first.<\/li>\n<li><strong>Corporate partnerships are affected:<\/strong> A domain whose security score drops raises question marks in integrations.<\/li>\n<\/ul>\n<p>On the agency side the situation is even more sensitive. For agencies that manage domains, hosting and DNS on behalf of clients, a takeover is a major mistake that can create contractual liability. That is why, for our agency customers, we place particular emphasis on process and permission design in <a href='https:\/\/www.dchost.com\/blog\/ajanslar-icin-dns-ve-alan-adi-erisimi-yonetimi\/'>our guide to DNS and domain access management for agencies<\/a>.<\/p>\n<h2><span id=\"SEO_ve_Organik_Trafik_Uzerindeki_Etkiler\">Effects on SEO and Organic Traffic<\/span><\/h2>\n<p>The SEO effects of subdomain takeover are often noticed late and can leave long-term damage.<\/p>\n<h3><span id=\"1_Spam_Icerik_ve_Manuel_Islemler\">1. Spam Content and Manual Actions<\/span><\/h3>\n<p>Attackers typically publish spam content, adult\/gambling pages or doorway pages on the taken-over subdomain. The consequences show up as:<\/p>\n<ul>\n<li><strong>Manual spam actions<\/strong> by search engines,<\/li>\n<li>Unsafe site \/ harmful content warnings,<\/li>\n<li>Unwanted results appearing in brand searches.<\/li>\n<\/ul>\n<p>
Even after you close the technical vulnerability, clearing algorithmic or manual penalties and regaining reputation takes time.<\/p>\n<h3><span id=\"2_Link_Profili_Kirliligi\">2. Link Profile Pollution<\/span><\/h3>\n<p>Some of the backlinks you have built over the years may point to subdomains such as <code>blog.ornek.com<\/code>, <code>docs.ornek.com<\/code> and <code>status.ornek.com<\/code>. When such a subdomain is taken over:<\/p>\n<ul>\n<li>Your authority signals start flowing to spam content,<\/li>\n<li>Links pointing to that subdomain may end up in a disavow process,<\/li>\n<li>Unwanted pages may rise to the top in brand-related searches.<\/li>\n<\/ul>\n<h3><span id=\"3_Site_Haritalari_Canonical_ve_Ic_Linkleme\">3. Sitemaps, Canonicals and Internal Linking<\/span><\/h3>\n<p>If you deleted the taken-over subdomain in time but sitemap.xml or internal links still point to it, search engines may keep encountering 404\/5xx responses for a long time. This can:<\/p>\n<ul>\n<li>Waste crawl budget,<\/li>\n<li>Weaken the site\u2019s overall quality signals,<\/li>\n<li>Cause your important pages to be crawled less often.<\/li>\n<\/ul>\n<p>Moreover, if <code>rel=\"canonical\"<\/code> tags or redirects were created during the takeover period, authority may be passed to the wrong URLs.<\/p>\n<h3><span id=\"4_Guvenlik_Uyarilari_ve_Tiklama_Oranlari\">4. 
Security Warnings and Click-Through Rates<\/span><\/h3>\n<p>Browsers or security tools may associate warnings that flag the taken-over subdomain with the parent domain. In users\u2019 eyes this distinction usually does not exist; brand name = domain name. This can:<\/p>\n<ul>\n<li>Lower the click-through rate (CTR) in organic results,<\/li>\n<li>Affect quality scores in advertising campaigns,<\/li>\n<li>Weaken the perception of \u201ctrustworthiness\u201d in brand searches.<\/li>\n<\/ul>\n<h2><span id=\"Gercekci_Senaryolar_Ajans_SaaS_ve_Kurumsal_Yapilar\">Realistic Scenarios: Agencies, SaaS and Enterprise Environments<\/span><\/h2>\n<h3><span id=\"Senaryo_1_Kampanya_Subdomaini_Unutan_Ajans\">Scenario 1: The Agency That Forgot a Campaign Subdomain<\/span><\/h3>\n<p>A digital agency builds a landing page under <code>bf2024.marka.com<\/code> for a major brand\u2019s Black Friday campaign. The site runs on a VPS, and the DNS record points to that VPS via a CNAME. The campaign ends and the VPS is shut down, but the DNS record remains. Some time later the same IP block is allocated to someone else, and the new user puts their own content on that IP. Without realizing it, the brand is now sending traffic to a completely different site through its subdomain. 
If someone with malicious intent notices this, a deliberate takeover scenario can be set up.<\/p>\n<h3><span id=\"Senaryo_2_SaaS_Uygulamasinda_Musteri_Alt_Alan_Adlari\">Scenario 2: Customer Subdomains in a SaaS Application<\/span><\/h3>\n<p>A multi-tenant SaaS product serves each customer under <code>musteriadi.uygulama.com<\/code> or through a CNAME on the customer\u2019s own domain. After the customer\u2019s subscription ends, the tenant is deleted on the application side, but the DNS record may be forgotten on the customer\u2019s side. In scenarios like this, takeover risk becomes much more complex. We covered this topic from an architectural perspective in <a href='https:\/\/www.dchost.com\/blog\/multi-tenant-saas-uygulamalarinda-musteri-alan-adi-yonetimi-dns-ssl-ve-yonlendirme-mimarisi\/'>our guide to customer domain management in multi-tenant SaaS applications<\/a>.<\/p>\n<h3><span id=\"Senaryo_3_Kurumsal_ITde_Staging_Ortamlarinin_Temizlenmemesi\">Scenario 3: Staging Environments Left Uncleaned in Enterprise IT<\/span><\/h3>\n<p>In an enterprise, both the web team and the software team frequently spin up new staging environments such as <code>v2-staging.ornek.com<\/code> and <code>pilot.ornek.com<\/code>. When a project closes the server is deleted, but there is no clear process for cleaning up the DNS records. Over the years, dozens of forgotten subdomains accumulate. 
That list becomes something of a gift package for attackers.<\/p>\n<h2><span id=\"Riskleri_Azaltmak_Icin_Teknik_ve_Operasyonel_Stratejiler\">Technical and Operational Strategies to Reduce the Risks<\/span><\/h2>\n<p>Subdomain takeover is an entirely preventable risk, but preventing it requires both technical measures and process discipline.<\/p>\n<h3><span id=\"1_DNS_Envanteri_ve_Etiketleme\">1. DNS Inventory and Tagging<\/span><\/h3>\n<ul>\n<li>Keep a central <strong>DNS inventory<\/strong> for all your domains and subdomains.<\/li>\n<li>Define fields such as \u201cowning team\u201d, \u201cpurpose\u201d, \u201ccreation date\u201d and \u201cplanned lifetime\u201d for every record.<\/li>\n<li>Separate staging \/ test environments with a naming standard (for example <code>*.stg.ornek.com<\/code>).<\/li>\n<\/ul>\n<h3><span id=\"2_Yasam_Dongusu_Lifecycle_ve_Otomatik_Temizlik\">2. Lifecycle and Automated Cleanup<\/span><\/h3>\n<ul>\n<li>When creating a DNS record for a temporary project, note an <strong>expiry date<\/strong> on the record itself.<\/li>\n<li>If you use CI\/CD or infrastructure automation (Terraform, Ansible, etc.), make sure DNS records are part of that automation too.<\/li>\n<li>When a server or SaaS account is closed, make deleting the DNS record a mandatory part of the same work order.<\/li>\n<\/ul>\n<h3><span id=\"3_Duzenli_Tarama_Bosta_Kalan_Kayit_Avi\">3. 
Regular Scanning: Hunting for Dangling Records<\/span><\/h3>\n<p>Set up a process that scans all of your subdomains at regular intervals and flags the following conditions:<\/p>\n<ul>\n<li>The target IP is unreachable (timeout \/ connection refused),<\/li>\n<li>The target service returns a \u201cresource not found\u201d style error,<\/li>\n<li>The third-party service shows a standard error page indicating that the resource has been deleted,<\/li>\n<li>A different setup appears in place of the <a href=\"https:\/\/www.dchost.com\/tr\/ssl\">SSL certificate<\/a> or HTTP headers you expect.<\/li>\n<\/ul>\n<p>For projects using Cloudflare or cPanel DNS, we explained step by step how to run a subdomain takeover scan in practice in <a href='https:\/\/www.dchost.com\/blog\/subdomain-takeover-ve-bosta-kalan-dns-kayitlari-cloudflare-ve-cpanel-icin-uygulamali-rehber\/'>our hands-on subdomain takeover scanning guide for Cloudflare and cPanel<\/a>. You can think of this article as a strategic layer on top of it.<\/p>\n<h3><span id=\"4_TTL_Stratejisi_ve_Hizli_Mudahale\">4. 
TTL Strategy and Rapid Response<\/span><\/h3>\n<p>The TTL values of your DNS records determine how quickly you can act in a crisis.<\/p>\n<ul>\n<li>Keep the TTL reasonably low on temporary campaign and test subdomains so that you can neutralize them quickly if something goes wrong.<\/li>\n<li>For permanent production records the TTL can be higher, but remember to review CNAME\/A records with takeover risk periodically.<\/li>\n<\/ul>\n<p>For a more detailed TTL strategy, see <a href='https:\/\/www.dchost.com\/blog\/dns-ttl-degerlerini-dogru-ayarlamak-a-mx-cname-ve-txt-kayitlari-icin-stratejik-rehber\/'>our guide to setting DNS TTL values correctly<\/a>.<\/p>\n<h3><span id=\"5_Erisim_Yetkileri_ve_Is_Akislari\">5. Access Permissions and Workflows<\/span><\/h3>\n<ul>\n<li>Restrict access to the DNS panel to the people who really need it.<\/li>\n<li>If you work with an agency or external vendor, make it clear who can change what on which domain.<\/li>\n<li>An approval mechanism for changes and logging (who added\/deleted which record, and when) are critically important.<\/li>\n<\/ul>\n<p>To build a well-designed permission model in this area, <a href='https:\/\/www.dchost.com\/blog\/ajanslar-icin-dns-ve-alan-adi-erisimi-yonetimi\/'>our guide to DNS and domain access management for agencies<\/a> offers a practical framework.<\/p>\n<h3><span id=\"6_Alan_Adi_Guvenligini_Tamamlayici_Onlemler\">6. 
Complementary Measures for Domain Security<\/span><\/h3>\n<p>Although subdomain takeover happens directly through DNS records, a strong overall domain security architecture narrows the attack surface:<\/p>\n<ul>\n<li>Use registrar lock and transfer lock.<\/li>\n<li>Enable DNSSEC if possible.<\/li>\n<li>Always use 2FA for domain and DNS account logins.<\/li>\n<\/ul>\n<p>We cover all of these topics in detail in <a href='https:\/\/www.dchost.com\/blog\/alan-adi-guvenligi-rehberi-registrar-lock-dnssec-whois-gizliligi-ve-2fa\/'>our domain security guide<\/a>, which is aimed at protecting your domain end to end.<\/p>\n<h2><span id=\"DCHost_Tarafinda_Nasil_Yaklasiyoruz\">How We Approach This at DCHost<\/span><\/h2>\n<p>At DCHost, while providing our domain, DNS, hosting, VPS, dedicated server and colocation services, we treat subdomain takeover and dangling DNS records not just as \u201cthe security team\u2019s problem\u201d but also as <strong>a matter of infrastructure design and operational process<\/strong>.<\/p>\n<ul>\n<li>When a new domain or DNS zone is opened, we advise our customers on subdomain planning and naming.<\/li>\n<li>During VPS or dedicated server migration \/ IP change processes, we use checklists to clean up old records.<\/li>\n<li>For agencies and customers managing multiple domains, we recommend a structure that reduces takeover risk by splitting DNS access permissions.<\/li>\n<li>For customers who request it, we perform DNS zone 
analysis, then report and clean up any possible dangling records.<\/li>\n<\/ul>\n<p>Especially for corporate structures and agencies with a large number of subdomains, setting up the domain portfolio and DNS architecture correctly from day one seriously reduces the takeover risks that may arise later.<\/p>\n<h2><span id=\"Adim_Adim_Kontrol_Listesi_Subdomain_Takeover_Riskini_Hizlica_Tarayin\">Step-by-Step Checklist: Quickly Scan for Subdomain Takeover Risk<\/span><\/h2>\n<p>A practical checklist you can apply to your own domains today:<\/p>\n<ol>\n<li>List all your domains and subdomains (you can export them from the DNS panel).<\/li>\n<li>Extract the CNAME and A\/AAAA records into a separate list.<\/li>\n<li>Send an HTTP\/HTTPS request to each IP or host these records point to and check:\n<ul>\n<li>Does it return an error page?<\/li>\n<li>Is there a resource-not-found \/ no-such-account warning?<\/li>\n<li>Do you see the content and SSL certificate you expect?<\/li>\n<\/ul>\n<\/li>\n<li>For third-party SaaS services, check whether the relevant accounts are really still active.<\/li>\n<li>Review staging \/ test \/ campaign subdomains and completely delete those that are no longer needed.<\/li>\n<li>Finally, make this process not a one-off but a <strong>periodic<\/strong> security routine (for example, every 3 months).<\/li>\n<\/ol>\n<p>After doing this manual check, for a more automated and comprehensive approach you can also integrate <a 
href='https:\/\/www.dchost.com\/blog\/subdomain-takeover-ve-bosta-kalan-dns-kayitlari-cloudflare-ve-cpanel-icin-uygulamali-rehber\/'>our hands-on subdomain takeover guide for Cloudflare and cPanel<\/a> into your processes.<\/p>\n<h2><span id=\"Sonuc_Alan_Adinizi_Korumak_Trafiginizi_ve_Markanizi_Korumaktir\">Conclusion: Protecting Your Domain Means Protecting Your Traffic and Your Brand<\/span><\/h2>\n<p>Subdomain takeover and dangling DNS records may look like \u201ca minor configuration mistake\u201d at first glance, but in terms of consequences they are a critical security topic that directly affects your brand reputation, customer trust and SEO performance. The good news is that with the right DNS architecture, regular inventory management and clear business processes, you can largely eliminate this risk.<\/p>\n<p>If you have many domains, dozens of subdomains or an agency\/customer structure, even thinking about where to start can be tiring. In such cases, the DCHost team can review your domain and DNS inventory together with you and produce a clear action plan that identifies takeover risks and includes cleanup and redesign. 
Before entering a new project, hosting migration or campaign period, right now is the right time to put your domain and DNS architecture on the table.<\/p>\n<p>If you also suspect there are gray areas on the DNS side, share the checklist in this article with your technical team or agency, whether or not your infrastructure is at DCHost; for your domains and servers running on DCHost, you can contact our support team and plan a detailed DNS security scan together.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Table of Contents 1 Why Are Subdomain Takeover and Dangling DNS Records So Critical? 2 What Is Subdomain Takeover? 3 How Do Dangling DNS Records Arise? 3.1 1. Temporary Projects and Campaigns 3.2 2. Staging and Test Environments 3.3 3. Third-Party SaaS Integrations 3.4 4. Cloud \/ VPS Migrations and IP Changes 3.5 5. 
Unauthorized or Forgotten NS Delegations 4 Subdomain Takeover\u2019s Security [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4777,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-4776","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4776","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=4776"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4776\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/4777"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=4776"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=4776"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=4776"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}