{"id":15988,"date":"2026-07-06T09:35:33","date_gmt":"2026-07-06T06:35:33","guid":{"rendered":"https:\/\/www.ihs.com.tr\/blog\/?p=15988"},"modified":"2026-07-06T09:35:33","modified_gmt":"2026-07-06T06:35:33","slug":"clickjacking-tiklama-sahtekarligi-nedir","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/","title":{"rendered":"Clickjacking (T\u0131klama Sahtekarl\u0131\u011f\u0131) Nedir? G\u00f6r\u00fcnmez \u0130frame&#8217;ler \u00dczerinden Nereye T\u0131klat\u0131l\u0131r?"},"content":{"rendered":"<p>Dijital d\u00fcnyada kullan\u0131c\u0131lar\u0131n g\u00fcvenli\u011fini tehdit eden bir\u00e7ok siber sald\u0131r\u0131 t\u00fcr\u00fc bulunmaktad\u0131r. Bunlardan biri olan Clickjacking (T\u0131klama Sahtekarl\u0131\u011f\u0131), kullan\u0131c\u0131lar\u0131 fark\u0131nda olmadan istemedikleri eylemleri ger\u00e7ekle\u015ftirmeye y\u00f6nlendiren sinsi bir sald\u0131r\u0131 tekni\u011fidir. Bu y\u00f6ntemde sald\u0131rganlar, me\u015fru bir web sayfas\u0131n\u0131n \u00fczerine \u015feffaf veya gizlenmi\u015f ba\u015fka bir sayfa yerle\u015ftirerek, kullan\u0131c\u0131lar\u0131n t\u0131klamalar\u0131n\u0131 ele ge\u00e7irir. Kullan\u0131c\u0131, g\u00f6r\u00fcn\u00fcrde zarars\u0131z bir butona veya ba\u011flant\u0131ya t\u0131klad\u0131\u011f\u0131n\u0131 zannederken, asl\u0131nda arka planda sald\u0131rgan\u0131n hedefledi\u011fi bir i\u015flemi ger\u00e7ekle\u015ftirmi\u015f olur. Bu makalede, Clickjacking&#8217;in ne oldu\u011funu, nas\u0131l \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131, potansiyel tehlikelerini ve hem geli\u015ftiriciler hem de son kullan\u0131c\u0131lar i\u00e7in korunma y\u00f6ntemlerini detayl\u0131 bir \u015fekilde ele alaca\u011f\u0131z.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_77 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0130\u00e7erik Tablosu<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a4be0126a43d\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\" id=\"ez-toc-cssicon-toggle-item-6a4be0126a43d\" aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Clickjacking-Tiklama-Sahtekarligi-Kavramina-Giris\" >Clickjacking (T\u0131klama Sahtekarl\u0131\u011f\u0131) Kavram\u0131na Giri\u015f<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Clickjacking-Nedir\" >Clickjacking Nedir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Temel-Calisma-Prensibi-Arayuz-Kandirmacasi-UI-Redressing\" >Temel \u00c7al\u0131\u015fma Prensibi: Aray\u00fcz Kand\u0131rmacas\u0131 (UI Redressing)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Clickjackingin-Diger-Web-Saldiri-Turlerinden-XSS-CSRF-Farklari\" >Clickjacking&#8217;in Di\u011fer Web Sald\u0131r\u0131 T\u00fcrlerinden (XSS, CSRF) Farklar\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Saldirinin-Potansiyel-Etkileri-ve-Tehlikeleri\" >Sald\u0131r\u0131n\u0131n Potansiyel Etkileri ve Tehlikeleri<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Clickjacking-Saldirisinin-Teknik-Anatomisi\" >Clickjacking Sald\u0131r\u0131s\u0131n\u0131n Teknik Anatomisi<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Gorunmez-iframein-Rolu-ve-Onemi\" >G\u00f6r\u00fcnmez iframe&#8217;in Rol\u00fc ve \u00d6nemi<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Saldirganin-Kullandigi-HTML-ve-CSS-Teknikleri\" >Sald\u0131rgan\u0131n Kulland\u0131\u011f\u0131 HTML ve CSS Teknikleri<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Tuzak-Sayfa-ve-Hedef-Sayfanin-Ust-Uste-Bindirilmesi\" >Tuzak Sayfa ve Hedef Sayfan\u0131n \u00dcst \u00dcste Bindirilmesi<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Kullanicinin-Aldatilmasi-Gorunen-ve-Gercek-Tiklama-Eylemi\" >Kullan\u0131c\u0131n\u0131n Aldat\u0131lmas\u0131: G\u00f6r\u00fcnen ve Ger\u00e7ek T\u0131klama Eylemi<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Clickjacking-Saldiri-Senaryolari-ve-Hedefleri\" >Clickjacking Sald\u0131r\u0131 Senaryolar\u0131 ve Hedefleri<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Sosyal-Medya-Hesaplarinin-Kotuye-Kullanimi\" >Sosyal Medya Hesaplar\u0131n\u0131n K\u00f6t\u00fcye Kullan\u0131m\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Finansal-ve-Ticari-Eylemler\" >Finansal ve Ticari Eylemler<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Kullanici-Bilgilerinin-ve-Izinlerinin-Calinmasi\" >Kullan\u0131c\u0131 Bilgilerinin ve \u0130zinlerinin \u00c7al\u0131nmas\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Kotu-Amacli-Yazilim-Bulastirma\" >K\u00f6t\u00fc Ama\u00e7l\u0131 Yaz\u0131l\u0131m Bula\u015ft\u0131rma<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Web-Gelistiricileri-Icin-Clickjackinge-Karsi-Savunma-Stratejileri\" >Web Geli\u015ftiricileri \u0130\u00e7in Clickjacking&#8217;e Kar\u015f\u0131 Savunma Stratejileri<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Sunucu-Tarafli-Onlemler-HTTP-Guvenlik-Basliklari\" >Sunucu Tarafl\u0131 \u00d6nlemler: HTTP G\u00fcvenlik Ba\u015fl\u0131klar\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Istemci-Tarafli-Onlemler-Frame-Busting-Scriptleri\" >\u0130stemci Tarafl\u0131 \u00d6nlemler: Frame-Busting Scriptleri<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Diger-Savunma-Katmanlari\" >Di\u011fer Savunma Katmanlar\u0131<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Son-Kullanicilar-Icin-Clickjacking-Farkindaligi-ve-Korunma-Yollari\" >Son Kullan\u0131c\u0131lar \u0130\u00e7in Clickjacking Fark\u0131ndal\u0131\u011f\u0131 ve Korunma Yollar\u0131<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Supheli-Web-Siteleri-ve-E-postalara-Karsi-Dikkatli-Olma\" >\u015e\u00fcpheli Web Siteleri ve E-postalara Kar\u015f\u0131 Dikkatli Olma<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Tarayici-Guvenlik-Eklentilerinin-Kullanimi-Orn-NoScript\" >Taray\u0131c\u0131 G\u00fcvenlik Eklentilerinin Kullan\u0131m\u0131 (\u00d6rn: NoScript)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Tarayici-ve-Isletim-Sistemini-Guncel-Tutmanin-Onemi\" >Taray\u0131c\u0131 ve \u0130\u015fletim Sistemini G\u00fcncel Tutman\u0131n \u00d6nemi<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Tiklamadan-Once-Baglanti-Onizlemelerini-Kontrol-Etme\" >T\u0131klamadan \u00d6nce Ba\u011flant\u0131 \u00d6nizlemelerini Kontrol Etme<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Clickjacking-Korumasi-ve-Web-Guvenligi-Icin-Neden-IHS-Telekomu-Tercih-Etmelisiniz\" >Clickjacking Korumas\u0131 ve Web G\u00fcvenli\u011fi \u0130\u00e7in Neden \u0130HS Telekom&#8217;u Tercih Etmelisiniz?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Web-Uygulama-Guvenlik-Duvari-WAF-ile-Kapsamli-Koruma\" >Web Uygulama G\u00fcvenlik Duvar\u0131 (WAF) ile Kapsaml\u0131 Koruma<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#Guvenlik-Odakli-Sunucu-Yapilandirmalari-ve-Yonetimi\" >G\u00fcvenlik Odakl\u0131 Sunucu Yap\u0131land\u0131rmalar\u0131 ve Y\u00f6netimi<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#DDoS-ve-Diger-Web-Saldirilarina-Karsi-Gelismis-Altyapi\" >DDoS ve Di\u011fer Web Sald\u0131r\u0131lar\u0131na Kar\u015f\u0131 Geli\u015fmi\u015f Altyap\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/www.ihs.com.tr\/blog\/clickjacking-tiklama-sahtekarligi-nedir\/#724-Uzman-Teknik-Destek-ve-Guvenlik-Danismanligi\" >7\/24 Uzman Teknik Destek ve G\u00fcvenlik Dan\u0131\u015fmanl\u0131\u011f\u0131<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Clickjacking-Tiklama-Sahtekarligi-Kavramina-Giris\"><\/span>Clickjacking (T\u0131klama Sahtekarl\u0131\u011f\u0131) Kavram\u0131na Giri\u015f<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Clickjacking, modern web uygulamalar\u0131n\u0131n kar\u015f\u0131la\u015ft\u0131\u011f\u0131 en aldat\u0131c\u0131 siber tehditlerden biridir. Kullan\u0131c\u0131n\u0131n taray\u0131c\u0131daki oturumunu ve g\u00fcvenini k\u00f6t\u00fcye kullanarak, onu kendi iradesi d\u0131\u015f\u0131nda i\u015flemler yapmaya zorlar. Bu b\u00f6l\u00fcm, sald\u0131r\u0131n\u0131n temel tan\u0131m\u0131n\u0131, \u00e7al\u0131\u015fma prensibini ve di\u011fer siber sald\u0131r\u0131lardan farklar\u0131n\u0131 ortaya koyarak konuya kapsaml\u0131 bir ba\u015flang\u0131\u00e7 yapmay\u0131 ama\u00e7lamaktad\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Clickjacking-Nedir\"><\/span>Clickjacking Nedir?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Clickjacking, en temel tan\u0131m\u0131yla bir &#8220;T\u0131klama Ka\u00e7\u0131rma&#8221; veya &#8220;T\u0131klama Gasp\u0131&#8221; sald\u0131r\u0131s\u0131d\u0131r. Sald\u0131rgan, kullan\u0131c\u0131n\u0131n etkile\u015fimde bulundu\u011funu sand\u0131\u011f\u0131 web sayfas\u0131 aray\u00fcz\u00fcn\u00fcn \u00fczerine, g\u00f6r\u00fcnmez veya kamufle edilmi\u015f ba\u015fka bir web sayfas\u0131 katman\u0131 yerle\u015ftirir. Kullan\u0131c\u0131, masum bir &#8220;Videoyu Oynat&#8221; veya &#8220;\u0130ndir&#8221; butonuna t\u0131klad\u0131\u011f\u0131n\u0131 d\u00fc\u015f\u00fcn\u00fcrken, asl\u0131nda g\u00f6r\u00fcnmez katmanda bulunan ve tamamen farkl\u0131 bir i\u015flevi olan (\u00f6rne\u011fin, bir sosyal medya hesab\u0131ndan payla\u015f\u0131m yapma veya bir \u00fcr\u00fcn\u00fc sat\u0131n alma) bir butona t\u0131klam\u0131\u015f olur. Sald\u0131r\u0131n\u0131n temel amac\u0131, kullan\u0131c\u0131n\u0131n mevcut oturum yetkilerini kullanarak, onun ad\u0131na yetkisiz eylemler ger\u00e7ekle\u015ftirmektir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Temel-Calisma-Prensibi-Arayuz-Kandirmacasi-UI-Redressing\"><\/span>Temel \u00c7al\u0131\u015fma Prensibi: Aray\u00fcz Kand\u0131rmacas\u0131 (UI Redressing)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Clickjacking sald\u0131r\u0131s\u0131n\u0131n teknik temelini &#8220;UI Redressing&#8221; yani &#8220;Aray\u00fcz Yeniden Giydirme&#8221; veya &#8220;Aray\u00fcz Kand\u0131rmacas\u0131&#8221; olu\u015fturur. Bu teknikte sald\u0131rgan, hedef web sitesini (kullan\u0131c\u0131n\u0131n oturum a\u00e7t\u0131\u011f\u0131 banka, sosyal medya vb.) bir iframe (inline frame) i\u00e7ine y\u00fckler. Daha sonra bu iframe&#8217;i, kendi kontrol\u00fcndeki tuzak web sayfas\u0131n\u0131n \u00fczerine yerle\u015ftirir. \u00c7e\u015fitli CSS teknikleri kullanarak iframe&#8217;i tamamen \u015feffaf hale getirir ve kullan\u0131c\u0131n\u0131n g\u00f6remeyece\u011fi \u015fekilde konumland\u0131r\u0131r. Kullan\u0131c\u0131 sadece alttaki tuzak sayfay\u0131 g\u00f6r\u00fcr ancak t\u0131klamalar\u0131, \u00fcstteki g\u00f6r\u00fcnmez iframe taraf\u0131ndan yakalan\u0131r. Bu sayede, kullan\u0131c\u0131n\u0131n t\u0131klama eylemi, aldat\u0131c\u0131 aray\u00fczden \u00e7al\u0131narak, me\u015fru ama g\u00f6r\u00fcnmez olan aray\u00fcze y\u00f6nlendirilmi\u015f olur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Clickjackingin-Diger-Web-Saldiri-Turlerinden-XSS-CSRF-Farklari\"><\/span>Clickjacking&#8217;in Di\u011fer Web Sald\u0131r\u0131 T\u00fcrlerinden (XSS, CSRF) Farklar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Clickjacking, genellikle <a href=\"https:\/\/www.ihs.com.tr\/blog\/wordpressteki-jetpack-plugininde-depolanmis-xss-acigi-tespit-edildi\/\" target=\"_blank\">XSS (Cross-Site Scripting)<\/a> ve CSRF (Cross-Site Request Forgery) gibi di\u011fer web sald\u0131r\u0131lar\u0131yla kar\u0131\u015ft\u0131r\u0131labilir, ancak \u00e7al\u0131\u015fma mekanizmalar\u0131 ve hedefleri a\u00e7\u0131s\u0131ndan \u00f6nemli farklar bar\u0131nd\u0131r\u0131r. Bu farklar\u0131 anlamak, do\u011fru savunma stratejilerini geli\u015ftirmek i\u00e7in kritik \u00f6neme sahiptir.<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>Sald\u0131r\u0131 T\u00fcr\u00fc<\/th>\n<th>Temel Mekanizma<\/th>\n<th>Sald\u0131rgan\u0131n Amac\u0131<\/th>\n<th>Temel Savunma Y\u00f6ntemi<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Clickjacking<\/strong><\/td>\n<td>G\u00f6rsel katmanlar ve iframe&#8217;ler kullanarak kullan\u0131c\u0131n\u0131n t\u0131klamalar\u0131n\u0131 ele ge\u00e7irme.<\/td>\n<td>Kullan\u0131c\u0131n\u0131n mevcut oturumu \u00fczerinden, onun ad\u0131na t\u0131klama bazl\u0131 eylemler (be\u011fenme, sat\u0131n alma, onaylama) ger\u00e7ekle\u015ftirmek.<\/td>\n<td>HTTP Ba\u015fl\u0131klar\u0131 (X-Frame-Options, CSP: frame-ancestors)<\/td>\n<\/tr>\n<tr>\n<td><strong>XSS (Cross-Site Scripting)<\/strong><\/td>\n<td>G\u00fcvenilir bir web sitesine k\u00f6t\u00fc ama\u00e7l\u0131 JavaScript kodu enjekte etme.<\/td>\n<td>Kullan\u0131c\u0131n\u0131n taray\u0131c\u0131s\u0131nda kod \u00e7al\u0131\u015ft\u0131rarak oturum bilgilerini (cookie) \u00e7almak, sayfa i\u00e7eri\u011fini de\u011fi\u015ftirmek.<\/td>\n<td>Giri\u015f verisi do\u011frulama (Input Validation) ve \u00e7\u0131k\u0131\u015f verisi kodlama (Output Encoding).<\/td>\n<\/tr>\n<tr>\n<td><strong>CSRF (Cross-Site Request Forgery)<\/strong><\/td>\n<td>Kullan\u0131c\u0131n\u0131n taray\u0131c\u0131s\u0131n\u0131, oturumunun a\u00e7\u0131k oldu\u011fu ba\u015fka bir sitede istenmeyen bir istek (request) yapmaya zorlama.<\/td>\n<td>Kullan\u0131c\u0131n\u0131n kimli\u011fiyle parola de\u011fi\u015ftirme, para transferi gibi durum bilgisi de\u011fi\u015ftiren eylemler ger\u00e7ekle\u015ftirmek.<\/td>\n<td>Anti-CSRF Token&#8217;lar\u0131, SameSite Cookie nitelikleri.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h3><span class=\"ez-toc-section\" id=\"Saldirinin-Potansiyel-Etkileri-ve-Tehlikeleri\"><\/span>Sald\u0131r\u0131n\u0131n Potansiyel Etkileri ve Tehlikeleri<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Clickjacking sald\u0131r\u0131lar\u0131n\u0131n sonu\u00e7lar\u0131, hedeflenen eylemin hassasiyetine ba\u011fl\u0131 olarak basit bir can s\u0131k\u0131nt\u0131s\u0131ndan b\u00fcy\u00fck finansal kay\u0131plara kadar de\u011fi\u015febilir. Potansiyel etkiler aras\u0131nda sosyal medya hesaplar\u0131n\u0131n r\u0131zas\u0131z kullan\u0131m\u0131, sahte be\u011fenilerle itibar y\u00f6netimi manip\u00fclasyonu, yetkisiz para transferleri, istenmeyen \u00fcr\u00fcn sipari\u015fleri, kullan\u0131c\u0131n\u0131n mikrofon veya kamera gibi donan\u0131mlar\u0131na eri\u015fim izni al\u0131nmas\u0131 ve sahte indirme butonlar\u0131 arac\u0131l\u0131\u011f\u0131yla k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m bula\u015ft\u0131r\u0131lmas\u0131 gibi ciddi tehlikeler bulunmaktad\u0131r.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Clickjacking-Saldirisinin-Teknik-Anatomisi\"><\/span>Clickjacking Sald\u0131r\u0131s\u0131n\u0131n Teknik Anatomisi<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Bir Clickjacking sald\u0131r\u0131s\u0131n\u0131n nas\u0131l ger\u00e7ekle\u015ftirildi\u011fini anlamak, ondan korunman\u0131n ilk ad\u0131m\u0131d\u0131r. Bu b\u00f6l\u00fcmde, sald\u0131r\u0131n\u0131n arkas\u0131ndaki teknik detaylar\u0131, \u00f6zellikle g\u00f6r\u00fcnmez iframe&#8217;lerin rol\u00fcn\u00fc ve sald\u0131rganlar\u0131n kulland\u0131\u011f\u0131 HTML\/CSS hilelerini ad\u0131m ad\u0131m inceleyece\u011fiz. Bu sayede, bir kullan\u0131c\u0131n\u0131n t\u0131klamas\u0131n\u0131n nas\u0131l ele ge\u00e7irildi\u011fi net bir \u015fekilde ortaya konulacakt\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Gorunmez-iframein-Rolu-ve-Onemi\"><\/span>G\u00f6r\u00fcnmez iframe&#8217;in Rol\u00fc ve \u00d6nemi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sald\u0131r\u0131n\u0131n kalbinde HTML `<iframe>` elementi yer al\u0131r. iframe, bir web sayfas\u0131 i\u00e7ine ba\u015fka bir web sayfas\u0131n\u0131 g\u00f6mmeye yarar. Sald\u0131rgan, hedef ald\u0131\u011f\u0131 me\u015fru siteyi (\u00f6rne\u011fin, kullan\u0131c\u0131n\u0131n banka sitesindeki para transferi onay sayfas\u0131) kendi kontrol\u00fcndeki web sayfas\u0131n\u0131n i\u00e7ine bir iframe ile y\u00fckler. Bu iframe, sald\u0131r\u0131n\u0131n ta\u015f\u0131y\u0131c\u0131s\u0131d\u0131r. Kullan\u0131c\u0131n\u0131n taray\u0131c\u0131s\u0131, hedef siteye ait oturum \u00e7erezlerini (cookies) bu iframe i\u00e7indeki istekte de g\u00f6nderece\u011fi i\u00e7in, iframe i\u00e7inde y\u00fcklenen sayfa kullan\u0131c\u0131n\u0131n oturumuyla aktif hale gelir. Sald\u0131rgan\u0131n tek yapmas\u0131 gereken, bu g\u00fc\u00e7l\u00fc arac\u0131 kullan\u0131c\u0131dan gizlemektir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Saldirganin-Kullandigi-HTML-ve-CSS-Teknikleri\"><\/span>Sald\u0131rgan\u0131n Kulland\u0131\u011f\u0131 HTML ve CSS Teknikleri<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sald\u0131rgan, iframe&#8217;i g\u00f6r\u00fcnmez k\u0131lmak ve kullan\u0131c\u0131n\u0131n t\u0131klamas\u0131n\u0131 hassas bir \u015fekilde hedeflemek i\u00e7in bir dizi temel CSS \u00f6zelli\u011finden faydalan\u0131r. Bu teknikler, sald\u0131r\u0131n\u0131n ba\u015far\u0131s\u0131 i\u00e7in kritik \u00f6neme sahiptir.<\/p>\n<h4>iframe&#8217;in \u015eeffafl\u0131\u011f\u0131n\u0131n Ayarlanmas\u0131 (Opacity)<\/h4>\n<p>En yayg\u0131n y\u00f6ntem, iframe&#8217;in CSS `opacity` \u00f6zelli\u011fini s\u0131f\u0131ra indirmektir. `opacity: 0;` kural\u0131, iframe&#8217;in tamamen \u015feffaf olmas\u0131n\u0131 sa\u011flar. Bu durumda iframe, sayfada yer kaplamaya devam eder, t\u0131klanabilir ve i\u015flevseldir, ancak g\u00f6rsel olarak tamamen kaybolmu\u015ftur. Kullan\u0131c\u0131, alttaki sahte i\u00e7eri\u011fi g\u00f6r\u00fcrken, asl\u0131nda \u00fcstteki g\u00f6r\u00fcnmez iframe katman\u0131yla etkile\u015fime girer.<\/p>\n<h4>Katmanlar\u0131n Y\u00f6netimi (Z-index)<\/h4>\n<p>Web sayfalar\u0131nda elementlerin \u00fcst \u00fcste binme s\u0131ras\u0131n\u0131 kontrol etmek i\u00e7in `z-index` CSS \u00f6zelli\u011fi kullan\u0131l\u0131r. Sald\u0131rgan, iframe&#8217;e y\u00fcksek bir `z-index` de\u011feri (\u00f6rne\u011fin, `z-index: 9999;`) atayarak, onun di\u011fer t\u00fcm sayfa elementlerinin \u00fczerinde yer almas\u0131n\u0131 garantiler. Bu sayede, kullan\u0131c\u0131 nereye t\u0131klarsa t\u0131klas\u0131n, t\u0131klama olay\u0131 \u00f6ncelikle en \u00fcst katmanda bulunan g\u00f6r\u00fcnmez iframe taraf\u0131ndan yakalan\u0131r.<\/p>\n<h4>iframe&#8217;in Hedef Buton \u00dczerine Konumland\u0131r\u0131lmas\u0131<\/h4>\n<p>Sald\u0131rgan\u0131n son ad\u0131m\u0131, g\u00f6r\u00fcnmez iframe&#8217;i, alttaki tuzak sayfada bulunan sahte butonun tam \u00fczerine denk getirmektir. Bunun i\u00e7in CSS&#8217;in `position: absolute;` veya `position: fixed;` gibi konumland\u0131rma \u00f6zelliklerini kullan\u0131r. iframe&#8217;in `top` ve `left` de\u011ferlerini piksel piksel ayarlayarak, hedef eylemi ger\u00e7ekle\u015ftirecek olan butonu (\u00f6rne\u011fin, &#8220;Transferi Onayla&#8221; butonu) tam olarak kullan\u0131c\u0131n\u0131n t\u0131klayaca\u011f\u0131 &#8220;Videoyu Oynat&#8221; butonunun alt\u0131na yerle\u015ftirir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tuzak-Sayfa-ve-Hedef-Sayfanin-Ust-Uste-Bindirilmesi\"><\/span>Tuzak Sayfa ve Hedef Sayfan\u0131n \u00dcst \u00dcste Bindirilmesi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>T\u00fcm bu teknikler bir araya geldi\u011finde, ortaya aldat\u0131c\u0131 bir yap\u0131 \u00e7\u0131kar. En alt katmanda kullan\u0131c\u0131n\u0131n g\u00f6rd\u00fc\u011f\u00fc, ilgi \u00e7ekici bir ba\u015fl\u0131k veya \u00f6d\u00fcl vaadi i\u00e7eren tuzak sayfa bulunur. Bu sayfan\u0131n \u00fczerinde ise `opacity: 0` ile tamamen \u015feffaf hale getirilmi\u015f ve `z-index` ile en \u00fcste ta\u015f\u0131nm\u0131\u015f olan, hedef siteyi i\u00e7eren iframe yer al\u0131r. Kullan\u0131c\u0131, cazip teklife kan\u0131p butona t\u0131klad\u0131\u011f\u0131nda, asl\u0131nda \u015feffaf iframe i\u00e7indeki, hassas bir i\u015flemi tetikleyen butona t\u0131klam\u0131\u015f olur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kullanicinin-Aldatilmasi-Gorunen-ve-Gercek-Tiklama-Eylemi\"><\/span>Kullan\u0131c\u0131n\u0131n Aldat\u0131lmas\u0131: G\u00f6r\u00fcnen ve Ger\u00e7ek T\u0131klama Eylemi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sonu\u00e7 olarak, kullan\u0131c\u0131 ile sistem aras\u0131nda bir alg\u0131 fark\u0131 yarat\u0131l\u0131r.<\/p>\n<ul>\n<li><b>G\u00f6r\u00fcnen Eylem:<\/b> Kullan\u0131c\u0131, &#8220;\u00dccretsiz Hediye Kazan!&#8221; yazan bir butona t\u0131klad\u0131\u011f\u0131n\u0131 d\u00fc\u015f\u00fcn\u00fcr.<\/li>\n<li><b>Ger\u00e7ek Eylem:<\/b> Kullan\u0131c\u0131n\u0131n t\u0131klamas\u0131, \u015feffaf iframe katman\u0131ndan ge\u00e7erek, asl\u0131nda sosyal medya profilindeki &#8220;T\u00fcm Arkada\u015flar\u0131ma Bu Sayfay\u0131 \u00d6ner&#8221; butonunu tetikler.<\/li>\n<\/ul>\n<p>Bu aldatmaca, kullan\u0131c\u0131n\u0131n aktif oturumunu ve taray\u0131c\u0131s\u0131na olan g\u00fcvenini istismar ederek, siber sald\u0131rgan\u0131n hedefine ula\u015fmas\u0131n\u0131 sa\u011flar.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Clickjacking-Saldiri-Senaryolari-ve-Hedefleri\"><\/span>Clickjacking Sald\u0131r\u0131 Senaryolar\u0131 ve Hedefleri<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Clickjacking sald\u0131r\u0131lar\u0131n\u0131n esnek yap\u0131s\u0131, onlar\u0131 \u00e7ok \u00e7e\u015fitli k\u00f6t\u00fc ama\u00e7l\u0131 hedefler i\u00e7in kullan\u0131labilir hale getirir. Sald\u0131rganlar, kullan\u0131c\u0131n\u0131n oturumunun a\u00e7\u0131k oldu\u011fu herhangi bir web sitesindeki t\u0131klama tabanl\u0131 eylemleri hedef alabilirler. Bu b\u00f6l\u00fcmde, sosyal medyadan finansa, ki\u015fisel veri h\u0131rs\u0131zl\u0131\u011f\u0131ndan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m yaymaya kadar en yayg\u0131n sald\u0131r\u0131 senaryolar\u0131n\u0131 ve hedeflerini inceleyece\u011fiz.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sosyal-Medya-Hesaplarinin-Kotuye-Kullanimi\"><\/span>Sosyal Medya Hesaplar\u0131n\u0131n K\u00f6t\u00fcye Kullan\u0131m\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sosyal medya platformlar\u0131, t\u0131klama tabanl\u0131 etkile\u015fimlere dayand\u0131\u011f\u0131 i\u00e7in Clickjacking sald\u0131r\u0131lar\u0131n\u0131n en pop\u00fcler hedeflerindendir. Kullan\u0131c\u0131lar\u0131n genellikle bu platformlarda s\u00fcrekli oturumlar\u0131 a\u00e7\u0131k oldu\u011fundan, sald\u0131rganlar i\u00e7in cazip bir zemin olu\u015fturur.<\/p>\n<h4>Sahte Be\u011feniler, Payla\u015f\u0131mlar ve Takipler (Likejacking)<\/h4>\n<p>Bu, Clickjacking&#8217;in en bilinen alt t\u00fcr\u00fcd\u00fcr ve &#8220;Likejacking&#8221; olarak adland\u0131r\u0131l\u0131r. Sald\u0131rgan, bir web sayfas\u0131na gizlenmi\u015f &#8220;Be\u011fen&#8221; veya &#8220;Takip Et&#8221; butonu yerle\u015ftirir. Kullan\u0131c\u0131, sayfadaki alakas\u0131z bir i\u00e7eri\u011fe t\u0131klad\u0131\u011f\u0131n\u0131 sanarken, asl\u0131nda sald\u0131rgan\u0131n istedi\u011fi bir sayfay\u0131 be\u011fenmi\u015f veya bir profili takip etmi\u015f olur. Bu y\u00f6ntem, sahte pop\u00fclerlik yaratmak, spam yaymak veya belirli bir g\u00fcndemi manip\u00fcle etmek i\u00e7in kullan\u0131l\u0131r.<\/p>\n<h4>\u0130stenmeyen Mesajlar\u0131n G\u00f6nderilmesi<\/h4>\n<p>Daha tehlikeli bir senaryoda, sald\u0131rganlar kullan\u0131c\u0131n\u0131n hesab\u0131ndan \u00f6zel mesaj g\u00f6nderme i\u015flevini hedefleyebilir. Gizlenmi\u015f bir &#8220;G\u00f6nder&#8221; butonu arac\u0131l\u0131\u011f\u0131yla, kullan\u0131c\u0131n\u0131n t\u00fcm arkada\u015f listesine oltalama (phishing) linkleri veya k\u00f6t\u00fc ama\u00e7l\u0131 i\u00e7erikler g\u00f6nderilebilir. Bu, sald\u0131r\u0131n\u0131n h\u0131zla yay\u0131lmas\u0131na neden olur, \u00e7\u00fcnk\u00fc mesajlar g\u00fcvenilir bir kaynaktan geliyormu\u015f gibi g\u00f6r\u00fcn\u00fcr.<\/p>\n<h4>Profil Bilgilerinin \u0130stenmeden De\u011fi\u015ftirilmesi<\/h4>\n<p>Sald\u0131rganlar, kullan\u0131c\u0131n\u0131n profil ayarlar\u0131 sayfas\u0131n\u0131 bir iframe i\u00e7ine y\u00fckleyebilir. &#8220;Kaydet&#8221; veya &#8220;Onayla&#8221; gibi butonlar\u0131 hedefleyerek, kullan\u0131c\u0131n\u0131n profil foto\u011fraf\u0131n\u0131, ki\u015fisel bilgilerini veya gizlilik ayarlar\u0131n\u0131 onun haberi olmadan de\u011fi\u015ftirebilirler. Bu, itibar zedeleme veya \u015fantaj gibi ama\u00e7larla kullan\u0131labilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Finansal-ve-Ticari-Eylemler\"><\/span>Finansal ve Ticari Eylemler<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Clickjacking, do\u011frudan finansal kazan\u00e7 sa\u011flamak amac\u0131yla da kullan\u0131labilir. E-ticaret siteleri ve online bankac\u0131l\u0131k platformlar\u0131, bu t\u00fcr sald\u0131r\u0131lar i\u00e7in hassas hedeflerdir.<\/p>\n<h4>Yetkisiz Para Transferlerinin Onaylat\u0131lmas\u0131<\/h4>\n<p>Bir sald\u0131rgan, bir online bankac\u0131l\u0131k sitesinin para transferi onay sayfas\u0131n\u0131 hedefleyebilir. Kullan\u0131c\u0131, ba\u015fka bir sitede bir \u00f6d\u00fcl kazand\u0131\u011f\u0131n\u0131 onaylamak i\u00e7in bir butona t\u0131klad\u0131\u011f\u0131n\u0131 d\u00fc\u015f\u00fcn\u00fcrken, asl\u0131nda banka hesab\u0131ndan sald\u0131rgan\u0131n hesab\u0131na para transferini onaylayan butona t\u0131klam\u0131\u015f olabilir. Bu, genellikle \u00e7ok fakt\u00f6rl\u00fc kimlik do\u011frulaman\u0131n zay\u0131f oldu\u011fu sistemlerde daha etkilidir.<\/p>\n<h4>\u0130stenmeyen \u00dcr\u00fcn veya Hizmet Sipari\u015fleri<\/h4>\n<p>Kullan\u0131c\u0131n\u0131n bir e-ticaret sitesinde oturumu a\u00e7\u0131ksa ve \u00f6deme bilgileri kay\u0131tl\u0131ysa, sald\u0131rganlar tek t\u0131klamayla sat\u0131n alma \u00f6zelli\u011fini k\u00f6t\u00fcye kullanabilir. &#8220;Sepete Ekle&#8221; ve &#8220;Sat\u0131n Al&#8221; butonlar\u0131n\u0131 gizleyerek, kullan\u0131c\u0131ya fark\u0131nda olmadan \u00fcr\u00fcn veya hizmet sat\u0131n ald\u0131rabilirler.<\/p>\n<h4>Aboneliklerin Ba\u015flat\u0131lmas\u0131 veya \u0130ptal Edilmesi<\/h4>\n<p>Benzer bir teknikle, kullan\u0131c\u0131lar bilgileri d\u0131\u015f\u0131nda \u00fccretli bir hizmete abone yap\u0131labilir veya mevcut \u00f6nemli bir abonelikleri (\u00f6rne\u011fin, bir g\u00fcvenlik yaz\u0131l\u0131m\u0131 aboneli\u011fi) iptal ettirilebilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kullanici-Bilgilerinin-ve-Izinlerinin-Calinmasi\"><\/span>Kullan\u0131c\u0131 Bilgilerinin ve \u0130zinlerinin \u00c7al\u0131nmas\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Clickjacking sadece anl\u0131k eylemler i\u00e7in de\u011fil, ayn\u0131 zamanda gelecekteki sald\u0131r\u0131lara zemin haz\u0131rlamak i\u00e7in de kullan\u0131labilir. Bu t\u00fcr sald\u0131r\u0131lar genellikle daha gizli ve tespiti zor olabilir.<\/p>\n<h4>Oturum A\u00e7ma Bilgilerinin Ele Ge\u00e7irilmesi<\/h4>\n<p>Sald\u0131rganlar, sahte bir giri\u015f formu olu\u015fturup, kullan\u0131c\u0131n\u0131n her harfi giri\u015fi i\u00e7in bir t\u0131klama eylemi \u00e7alarak klavye vuru\u015flar\u0131n\u0131 tahmin etmeye y\u00f6nelik karma\u015f\u0131k sald\u0131r\u0131lar (Keylogging via Clickjacking) d\u00fczenleyebilir. Bu, geleneksel y\u00f6ntemlere g\u00f6re daha zor olsa da m\u00fcmk\u00fcnd\u00fcr.<\/p>\n<h4>Kamera ve Mikrofon Eri\u015fim \u0130zinlerinin Al\u0131nmas\u0131<\/h4>\n<p>Taray\u0131c\u0131lar, bir sitenin kullan\u0131c\u0131n\u0131n kamera veya mikrofonuna eri\u015fmesi i\u00e7in bir izin istemi g\u00f6sterir. Sald\u0131rgan, bu izin istemindeki &#8220;\u0130zin Ver&#8221; butonunu, masum bir butonun alt\u0131na gizleyerek, kullan\u0131c\u0131n\u0131n fark\u0131nda olmadan cihazlar\u0131na eri\u015fim izni vermesini sa\u011flayabilir. Bu, Adobe Flash&#8217;\u0131n yayg\u0131n oldu\u011fu d\u00f6nemlerde daha s\u0131k g\u00f6r\u00fclen bir sald\u0131r\u0131 vekt\u00f6r\u00fcyd\u00fc.<\/p>\n<h4>Ki\u015fisel Verilerin \u0130f\u015fas\u0131<\/h4>\n<p>Bir kullan\u0131c\u0131n\u0131n profilindeki gizlilik ayarlar\u0131n\u0131 &#8220;herkese a\u00e7\u0131k&#8221; yapacak bir butonu hedefleyerek, normalde gizli olan ki\u015fisel bilgilerin (telefon numaras\u0131, e-posta adresi vb.) if\u015fa edilmesine neden olabilirler.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kotu-Amacli-Yazilim-Bulastirma\"><\/span>K\u00f6t\u00fc Ama\u00e7l\u0131 Yaz\u0131l\u0131m Bula\u015ft\u0131rma<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Clickjacking, kullan\u0131c\u0131lar\u0131 kand\u0131rarak bilgisayarlar\u0131na veya mobil cihazlar\u0131na zararl\u0131 yaz\u0131l\u0131mlar indirmeye ikna etmek i\u00e7in etkili bir y\u00f6ntemdir.<\/p>\n<h4>Sahte \u0130ndirme Butonlar\u0131 ile Malware Yayma<\/h4>\n<p>Sald\u0131rgan, &#8220;videoyu oynat&#8221; veya &#8220;makaleyi oku&#8221; gibi g\u00f6r\u00fcnen bir butonun alt\u0131na, k\u00f6t\u00fc ama\u00e7l\u0131 bir yaz\u0131l\u0131m indirme i\u015flemini ba\u015flatan ger\u00e7ek bir ba\u011flant\u0131y\u0131 gizler. Kullan\u0131c\u0131 i\u00e7eri\u011fe eri\u015fmek i\u00e7in t\u0131klad\u0131\u011f\u0131nda, arka planda bir vir\u00fcs, fidye yaz\u0131l\u0131m\u0131 (ransomware) veya casus yaz\u0131l\u0131m (spyware) indirmeye ba\u015flar.<\/p>\n<h4>G\u00fcvenlik Uyar\u0131lar\u0131n\u0131n Atlat\u0131lmas\u0131<\/h4>\n<p>Taray\u0131c\u0131lar\u0131n veya i\u015fletim sistemlerinin g\u00f6sterdi\u011fi &#8220;Bu dosyay\u0131 \u00e7al\u0131\u015ft\u0131rmak istedi\u011finizden emin misiniz?&#8221; gibi g\u00fcvenlik uyar\u0131lar\u0131 da Clickjacking ile hedeflenebilir. &#8220;Evet&#8221; veya &#8220;\u00c7al\u0131\u015ft\u0131r&#8221; butonu, kullan\u0131c\u0131n\u0131n t\u0131klad\u0131\u011f\u0131 zarars\u0131z bir elementin alt\u0131na gizlenerek, kullan\u0131c\u0131n\u0131n g\u00fcvenlik mekanizmalar\u0131n\u0131 kendi eliyle atlatmas\u0131 sa\u011flan\u0131r.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Web-Gelistiricileri-Icin-Clickjackinge-Karsi-Savunma-Stratejileri\"><\/span>Web Geli\u015ftiricileri \u0130\u00e7in Clickjacking&#8217;e Kar\u015f\u0131 Savunma Stratejileri<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Web sitelerini Clickjacking sald\u0131r\u0131lar\u0131ndan koruma sorumlulu\u011fu \u00f6ncelikli olarak web geli\u015ftiricilerine ve sistem y\u00f6neticilerine aittir. Neyse ki, bu t\u00fcr sald\u0131r\u0131lar\u0131 \u00f6nlemek i\u00e7in hem sunucu taraf\u0131nda hem de istemci taraf\u0131nda uygulanabilecek etkili ve standartla\u015fm\u0131\u015f y\u00f6ntemler mevcuttur. Bu b\u00f6l\u00fcmde, web uygulamalar\u0131n\u0131 g\u00fcvence alt\u0131na almak i\u00e7in kullan\u0131labilecek temel savunma stratejilerini ele alaca\u011f\u0131z.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sunucu-Tarafli-Onlemler-HTTP-Guvenlik-Basliklari\"><\/span>Sunucu Tarafl\u0131 \u00d6nlemler: HTTP G\u00fcvenlik Ba\u015fl\u0131klar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>En g\u00fc\u00e7l\u00fc ve tavsiye edilen korunma y\u00f6ntemi, sunucunun g\u00f6nderdi\u011fi HTTP yan\u0131t ba\u015fl\u0131klar\u0131n\u0131 do\u011fru \u015fekilde yap\u0131land\u0131rmakt\u0131r. Bu ba\u015fl\u0131klar, taray\u0131c\u0131ya sayfan\u0131z\u0131n ba\u015fka bir site taraf\u0131ndan iframe i\u00e7inde y\u00fcklenip y\u00fcklenemeyece\u011fi konusunda net talimatlar verir.<\/p>\n<h4>X-Frame-Options Ba\u015fl\u0131\u011f\u0131 (Deny, Sameorigin, Allow-from)<\/h4>\n<p>`X-Frame-Options` ba\u015fl\u0131\u011f\u0131, Clickjacking&#8217;e kar\u015f\u0131 geli\u015ftirilmi\u015f ilk standart savunma mekanizmas\u0131d\u0131r ve hala geni\u015f taray\u0131c\u0131 deste\u011fine sahiptir. \u00dc\u00e7 olas\u0131 de\u011feri vard\u0131r:<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>Direktif<\/th>\n<th>A\u00e7\u0131klama<\/th>\n<th>Kullan\u0131m Senaryosu<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>DENY<\/strong><\/td>\n<td>Sayfan\u0131n herhangi bir site taraf\u0131ndan, kendisi dahil, bir <code>&lt;frame&gt;<\/code>, <code>&lt;iframe&gt;<\/code>, <code>&lt;embed&gt;<\/code> veya <code>&lt;object&gt;<\/code> i\u00e7inde y\u00fcklenmesini tamamen engeller.<\/td>\n<td>Sayfan\u0131z\u0131n hi\u00e7bir ko\u015fulda \u00e7er\u00e7evelenmemesi gereken durumlar i\u00e7in en g\u00fcvenli se\u00e7enektir.<\/td>\n<\/tr>\n<tr>\n<td><strong>SAMEORIGIN<\/strong><\/td>\n<td>Sayfan\u0131n sadece kendi <a href=\"https:\/\/www.ihs.com.tr\/blog\/domain-nedir-ne-ise-yarar\/\" target=\"_blank\">alan ad\u0131<\/a> (domain) taraf\u0131ndan \u00e7er\u00e7evelenmesine izin verir.<\/td>\n<td>Sitenizin kendi i\u00e7inde frame yap\u0131lar\u0131n\u0131 (\u00f6rne\u011fin, bir admin panelinde) kulland\u0131\u011f\u0131 ancak d\u0131\u015far\u0131dan \u00e7er\u00e7evelenmesini istemedi\u011fi durumlar i\u00e7in idealdir.<\/td>\n<\/tr>\n<tr>\n<td><strong>ALLOW-FROM uri<\/strong><\/td>\n<td>Sadece belirtilen belirli bir URI taraf\u0131ndan sayfan\u0131n \u00e7er\u00e7evelenmesine izin verir.<\/td>\n<td>Bu direktif eski ve taray\u0131c\u0131 deste\u011fi zay\u0131f oldu\u011fu i\u00e7in genellikle \u00f6nerilmez. Bunun yerine CSP kullan\u0131lmal\u0131d\u0131r.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h4>\u0130\u00e7erik G\u00fcvenlik Politikas\u0131 (Content-Security-Policy): frame-ancestors Direktifi<\/h4>\n<p><a href=\"https:\/\/www.ihs.com.tr\/blog\/web-siteniz-varsa-siber-guvenlik-riski-de-vardir\/\" target=\"_blank\">\u0130\u00e7erik G\u00fcvenlik Politikas\u0131 (CSP)<\/a>, \u00e7ok daha esnek ve g\u00fc\u00e7l\u00fc bir g\u00fcvenlik mekanizmas\u0131d\u0131r. Clickjacking&#8217;e kar\u015f\u0131 `frame-ancestors` direktifini sunar. Bu direktif, `X-Frame-Options` ba\u015fl\u0131\u011f\u0131n\u0131n yerini almas\u0131 i\u00e7in tasarlanm\u0131\u015ft\u0131r ve daha modern bir yakla\u015f\u0131md\u0131r. \u00d6rnek kullan\u0131mlar:<\/p>\n<ul>\n<li><b>CSP: frame-ancestors &#8216;none&#8217;;<\/b> Bu, `X-Frame-Options: DENY` ile ayn\u0131 i\u015flevi g\u00f6r\u00fcr ve sayfan\u0131n \u00e7er\u00e7evelenmesini tamamen engeller.<\/li>\n<li><b>CSP: frame-ancestors &#8216;self&#8217;;<\/b> Bu, `X-Frame-Options: SAMEORIGIN` ile ayn\u0131 i\u015flevi g\u00f6r\u00fcr ve sadece ayn\u0131 kaynaktan \u00e7er\u00e7evelenmeye izin verir.<\/li>\n<li><b>CSP: frame-ancestors ihs.com.tr;<\/b> Bu, sayfan\u0131n yaln\u0131zca belirtilen domain ve onun alt domainleri taraf\u0131ndan \u00e7er\u00e7evelenmesine izin verir.<\/li>\n<\/ul>\n<p>Hem `X-Frame-Options` hem de `CSP frame-ancestors` ba\u015fl\u0131klar\u0131n\u0131n birlikte kullan\u0131lmas\u0131, eski ve yeni taray\u0131c\u0131larda maksimum uyumluluk ve koruma sa\u011flar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Istemci-Tarafli-Onlemler-Frame-Busting-Scriptleri\"><\/span>\u0130stemci Tarafl\u0131 \u00d6nlemler: Frame-Busting Scriptleri<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sunucu tarafl\u0131 ba\u015fl\u0131klar\u0131n kullan\u0131lamad\u0131\u011f\u0131 durumlarda veya ek bir savunma katman\u0131 olarak istemci taraf\u0131 JavaScript kodlar\u0131 kullan\u0131labilir. Bu kodlar &#8220;frame-buster&#8221; veya &#8220;frame-killer&#8221; olarak bilinir.<\/p>\n<h4>JavaScript ile Sayfan\u0131n iframe \u0130\u00e7inde Y\u00fcklenmesini Engelleme<\/h4>\n<p>Bu teknik, sayfan\u0131n bir iframe i\u00e7inde y\u00fcklenip y\u00fcklenmedi\u011fini kontrol eden basit bir JavaScript koduna dayan\u0131r. E\u011fer sayfa bir frame i\u00e7indeyse, kendisini en \u00fcst pencere olarak yeniden y\u00fcklemeye \u00e7al\u0131\u015f\u0131r. Tipik bir frame-buster kodu \u015fu \u015fekildedir:<br \/>\n`if (top.location != self.location) { top.location = self.location; }`<br \/>\nBu kod, mevcut pencerenin (`self.location`) en \u00fcst pencere (`top.location`) olup olmad\u0131\u011f\u0131n\u0131 kontrol eder. E\u011fer de\u011filse, bu sayfan\u0131n bir frame i\u00e7inde y\u00fcklendi\u011fi anlam\u0131na gelir ve en \u00fcst pencerenin adresi mevcut sayfan\u0131n adresiyle de\u011fi\u015ftirilerek frame&#8217;den &#8220;kurtulur&#8221;.<\/p>\n<h4>Bu Y\u00f6ntemin S\u0131n\u0131rl\u0131l\u0131klar\u0131 ve Atlat\u0131lma Y\u00f6ntemleri<\/h4>\n<p>Frame-busting scriptleri, HTTP ba\u015fl\u0131klar\u0131 kadar g\u00fcvenilir de\u011fildir. Sald\u0131rganlar, taray\u0131c\u0131n\u0131n g\u00fcvenlik ayarlar\u0131ndan veya JavaScript&#8217;in \u00e7al\u0131\u015fma mant\u0131\u011f\u0131ndan faydalanarak bu scriptleri etkisiz hale getirebilir. \u00d6rne\u011fin, iframe&#8217;in `sandbox` \u00f6zelli\u011fini kullanarak veya `onbeforeunload` olay\u0131n\u0131 tetikleyerek sayfan\u0131n yeniden y\u00f6nlendirilmesini engelleyebilirler. Bu nedenle, frame-busting scriptleri yaln\u0131zca sunucu tarafl\u0131 \u00f6nlemlerin bir yede\u011fi olarak d\u00fc\u015f\u00fcn\u00fclmelidir, asla birincil savunma hatt\u0131 olmamal\u0131d\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Diger-Savunma-Katmanlari\"><\/span>Di\u011fer Savunma Katmanlar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>HTTP ba\u015fl\u0131klar\u0131 ve JavaScript kontrollerine ek olarak, sald\u0131r\u0131n\u0131n etkisini azaltabilecek ba\u015fka savunma katmanlar\u0131 da mevcuttur.<\/p>\n<h4>SameSite \u00c7erez (Cookie) Ayarlar\u0131<\/h4>\n<p>\u00c7erezler i\u00e7in `SameSite` niteli\u011fini `Lax` veya `Strict` olarak ayarlamak, CSRF sald\u0131r\u0131lar\u0131na kar\u015f\u0131 etkili oldu\u011fu gibi Clickjacking&#8217;in baz\u0131 varyasyonlar\u0131na kar\u015f\u0131 da dolayl\u0131 bir koruma sa\u011flayabilir. `SameSite=Strict` olarak ayarlanm\u0131\u015f bir \u00e7erez, \u00e7apraz site (cross-site) ba\u011flam\u0131nda, yani bir iframe i\u00e7inde yap\u0131lan isteklerde g\u00f6nderilmez. Bu, sald\u0131rgan\u0131n iframe i\u00e7inde y\u00fckledi\u011fi sayfan\u0131n kullan\u0131c\u0131n\u0131n oturumunu kullanamamas\u0131na neden olabilir. Ancak bu, tam bir Clickjacking \u00e7\u00f6z\u00fcm\u00fc de\u011fildir ve taray\u0131c\u0131 deste\u011fi de\u011fi\u015fkenlik g\u00f6sterebilir.<\/p>\n<h4>Eylemler \u0130\u00e7in \u00c7ift Onay Mekanizmalar\u0131<\/h4>\n<p>\u00d6zellikle kritik i\u015flemler i\u00e7in kullan\u0131c\u0131dan ek bir onay istemek, Clickjacking sald\u0131r\u0131lar\u0131n\u0131 b\u00fcy\u00fck \u00f6l\u00e7\u00fcde etkisiz k\u0131labilir. \u00d6rne\u011fin, bir para transferi i\u015flemi i\u00e7in son ad\u0131mda kullan\u0131c\u0131ya rastgele olu\u015fturulmu\u015f bir kodu veya parolas\u0131n\u0131 tekrar girmesini istemek, sald\u0131rgan\u0131n basit bir t\u0131klama ile i\u015flemi tamamlamas\u0131n\u0131 engeller. Sald\u0131rgan, kullan\u0131c\u0131n\u0131n ne yazmas\u0131 gerekti\u011fini bilemez ve bu bilgiyi t\u0131klama yoluyla \u00e7alamaz.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Son-Kullanicilar-Icin-Clickjacking-Farkindaligi-ve-Korunma-Yollari\"><\/span>Son Kullan\u0131c\u0131lar \u0130\u00e7in Clickjacking Fark\u0131ndal\u0131\u011f\u0131 ve Korunma Yollar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Web geli\u015ftiricileri siteleri korumak i\u00e7in \u00f6nlemler alsa da, son kullan\u0131c\u0131lar\u0131n da dijital g\u00fcvenliklerini sa\u011flamak i\u00e7in bilin\u00e7li ve dikkatli olmalar\u0131 gerekir. Hi\u00e7bir teknik \u00f6nlem, dikkatsiz bir t\u0131klaman\u0131n yerini tutamaz. Bu b\u00f6l\u00fcmde, son kullan\u0131c\u0131lar\u0131n Clickjacking ve benzeri aray\u00fcz kand\u0131rmacas\u0131 sald\u0131r\u0131lar\u0131ndan kendilerini nas\u0131l koruyabileceklerine dair pratik ipu\u00e7lar\u0131 sunulmaktad\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Supheli-Web-Siteleri-ve-E-postalara-Karsi-Dikkatli-Olma\"><\/span>\u015e\u00fcpheli Web Siteleri ve E-postalara Kar\u015f\u0131 Dikkatli Olma<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Clickjacking sald\u0131r\u0131lar\u0131 genellikle kullan\u0131c\u0131lar\u0131 bir tuzak web sitesine \u00e7ekerek ba\u015flar. Bu sitelere y\u00f6nlendirmeler \u00e7o\u011funlukla \u015f\u00fcpheli e-postalar, sosyal medya mesajlar\u0131 veya yan\u0131lt\u0131c\u0131 reklamlar arac\u0131l\u0131\u011f\u0131yla yap\u0131l\u0131r. &#8220;\u0130nan\u0131lmaz bir \u00f6d\u00fcl kazand\u0131n\u0131z!&#8221;, &#8220;Bu videoyu mutlaka izlemelisiniz!&#8221; gibi sansasyonel ve ger\u00e7ek olamayacak kadar iyi tekliflere kar\u015f\u0131 her zaman \u015f\u00fcpheci yakla\u015f\u0131n. Bilmedi\u011finiz veya g\u00fcvenmedi\u011finiz kaynaklardan gelen ba\u011flant\u0131lara t\u0131klamaktan ka\u00e7\u0131n\u0131n.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tarayici-Guvenlik-Eklentilerinin-Kullanimi-Orn-NoScript\"><\/span>Taray\u0131c\u0131 G\u00fcvenlik Eklentilerinin Kullan\u0131m\u0131 (\u00d6rn: NoScript)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Taray\u0131c\u0131n\u0131za ekleyebilece\u011finiz baz\u0131 g\u00fcvenlik eklentileri, Clickjacking&#8217;e kar\u015f\u0131 etkili bir savunma katman\u0131 olu\u015fturabilir. \u00d6rne\u011fin, <b>NoScript<\/b> gibi eklentiler, siz izin vermedik\u00e7e web sitelerinin JavaScript, iframe ve di\u011fer potansiyel olarak tehlikeli elementleri \u00e7al\u0131\u015ft\u0131rmas\u0131n\u0131 engeller. Bu eklentiler, sadece g\u00fcvendi\u011finiz sitelerde scriptlerin \u00e7al\u0131\u015fmas\u0131na izin vererek, bir\u00e7ok gizli sald\u0131r\u0131 tekni\u011fini daha ba\u015flamadan durdurur. Bu, \u00f6zellikle eski veya g\u00fcvenlik a\u00e7\u0131\u011f\u0131 bulunan siteleri ziyaret ederken ekstra bir koruma sa\u011flar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tarayici-ve-Isletim-Sistemini-Guncel-Tutmanin-Onemi\"><\/span>Taray\u0131c\u0131 ve \u0130\u015fletim Sistemini G\u00fcncel Tutman\u0131n \u00d6nemi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Taray\u0131c\u0131 geli\u015ftiricileri (Google, Mozilla, Microsoft vb.) ve i\u015fletim sistemi \u00fcreticileri, Clickjacking gibi sald\u0131r\u0131lar\u0131 engellemek i\u00e7in s\u00fcrekli olarak yeni g\u00fcvenlik mekanizmalar\u0131 geli\u015ftirir ve mevcut a\u00e7\u0131klar\u0131 kapat\u0131rlar. Taray\u0131c\u0131n\u0131z\u0131n ve i\u015fletim sisteminizin her zaman en son s\u00fcr\u00fcmde oldu\u011fundan emin olun. Otomatik g\u00fcncellemeleri a\u00e7\u0131k tutmak, sizi bilinen g\u00fcvenlik tehditlerine kar\u015f\u0131 koruman\u0131n en kolay ve en etkili yollar\u0131ndan biridir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tiklamadan-Once-Baglanti-Onizlemelerini-Kontrol-Etme\"><\/span>T\u0131klamadan \u00d6nce Ba\u011flant\u0131 \u00d6nizlemelerini Kontrol Etme<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Modern taray\u0131c\u0131lar\u0131n \u00e7o\u011fu, fare imlecini bir ba\u011flant\u0131n\u0131n \u00fczerine getirdi\u011finizde, pencerenin sol alt k\u00f6\u015fesinde ger\u00e7ek URL&#8217;yi g\u00f6sterir. Bir butona veya linke t\u0131klamadan \u00f6nce imleci \u00fczerine getirip birka\u00e7 saniye bekleyerek, sizi ger\u00e7ekten nereye y\u00f6nlendirece\u011fini kontrol edin. G\u00f6r\u00fcnen metin ile \u00f6nizlemedeki URL aras\u0131nda bir tutars\u0131zl\u0131k varsa (\u00f6rne\u011fin, &#8220;facebook.com&#8221; gibi g\u00f6r\u00fcnen bir link asl\u0131nda &#8220;faceboook-login-scam.com&#8221; adresine gidiyorsa), bu bir oltalama veya Clickjacking giri\u015fimi olabilir. Bu basit al\u0131\u015fkanl\u0131k, sizi bir\u00e7ok tehlikeden koruyabilir.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Clickjacking-Korumasi-ve-Web-Guvenligi-Icin-Neden-IHS-Telekomu-Tercih-Etmelisiniz\"><\/span>Clickjacking Korumas\u0131 ve Web G\u00fcvenli\u011fi \u0130\u00e7in Neden \u0130HS Telekom&#8217;u Tercih Etmelisiniz?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Clickjacking ve di\u011fer web tabanl\u0131 siber sald\u0131r\u0131lar, web siteleri i\u00e7in ciddi bir tehdit olu\u015fturur. Bu tehditlere kar\u015f\u0131 korunmak, yaln\u0131zca do\u011fru kodlama pratiklerini uygulamakla kalmaz, ayn\u0131 zamanda g\u00fc\u00e7l\u00fc ve g\u00fcvenli bir altyap\u0131ya sahip olmay\u0131 da gerektirir. \u0130HS Telekom, sundu\u011fu geli\u015fmi\u015f g\u00fcvenlik \u00e7\u00f6z\u00fcmleri ve uzman deste\u011fi ile web varl\u0131klar\u0131n\u0131z\u0131 bu t\u00fcr tehlikelere kar\u015f\u0131 kapsaml\u0131 bir \u015fekilde korur. \u0130\u015fte bu y\u00fczden <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/\" target=\"_blank\">hosting<\/a> ve <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/\" target=\"_blank\">sunucu<\/a> ihtiya\u00e7lar\u0131n\u0131zda \u0130HS Telekom&#8217;u tercih etmelisiniz:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Web-Uygulama-Guvenlik-Duvari-WAF-ile-Kapsamli-Koruma\"><\/span>Web Uygulama G\u00fcvenlik Duvar\u0131 (WAF) ile Kapsaml\u0131 Koruma<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0130HS Telekom, geli\u015fmi\u015f bir Web Uygulama G\u00fcvenlik Duvar\u0131 (WAF) hizmeti sunar. WAF, web sitenize gelen ve sitenizden giden trafi\u011fi analiz ederek, Clickjacking, XSS, SQL Injection gibi bilinen sald\u0131r\u0131 kal\u0131plar\u0131n\u0131 tespit eder ve daha uygulaman\u0131za ula\u015fmadan engeller. WAF, HTTP ba\u015fl\u0131klar\u0131n\u0131 otomatik olarak yap\u0131land\u0131rarak `X-Frame-Options` ve `Content-Security-Policy` gibi Clickjacking \u00f6nlemlerinin sunucu seviyesinde tutarl\u0131 bir \u015fekilde uygulanmas\u0131n\u0131 sa\u011flar. Bu sayede, uygulaman\u0131zda bir yap\u0131land\u0131rma hatas\u0131 olsa bile ek bir koruma katman\u0131na sahip olursunuz.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Guvenlik-Odakli-Sunucu-Yapilandirmalari-ve-Yonetimi\"><\/span>G\u00fcvenlik Odakl\u0131 Sunucu Yap\u0131land\u0131rmalar\u0131 ve Y\u00f6netimi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>G\u00fcvenlik, \u0130HS Telekom&#8217;un <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/wordpress-hosting.html\" target=\"_blank\">WordPress hosting<\/a>, <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/vps-server.html\" target=\"_blank\">VPS<\/a> ve <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/vds-sunucu.html\" target=\"_blank\">VDS<\/a> hizmetlerinin temelinde yer al\u0131r. Sunucular\u0131m\u0131z, en g\u00fcncel g\u00fcvenlik yamalar\u0131 ve en iyi uygulamalara g\u00f6re yap\u0131land\u0131r\u0131lm\u0131\u015ft\u0131r. Gerekli HTTP g\u00fcvenlik ba\u015fl\u0131klar\u0131n\u0131n varsay\u0131lan olarak etkinle\u015ftirilmesi, zararl\u0131 mod\u00fcllerin devre d\u0131\u015f\u0131 b\u0131rak\u0131lmas\u0131 ve eri\u015fim kontrollerinin s\u0131k\u0131la\u015ft\u0131r\u0131lmas\u0131 gibi \u00f6nlemlerle, sunucular\u0131n\u0131z\u0131n Clickjacking ve di\u011fer zafiyetlere kar\u015f\u0131 dayan\u0131kl\u0131l\u0131\u011f\u0131 en \u00fcst d\u00fczeye \u00e7\u0131kar\u0131l\u0131r. <a href=\"https:\/\/www.ihs.com.tr\/blog\/sunucu-yonetimi-server-management-hizmeti-nedir-ve-ne-zaman-ihtiyac-duyarsiniz\/\" target=\"_blank\">Y\u00f6netimli sunucu hizmetlerimizle<\/a> bu yap\u0131land\u0131rmalar\u0131n s\u00fcrekli olarak izlenmesi ve g\u00fcncellenmesi sa\u011flan\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DDoS-ve-Diger-Web-Saldirilarina-Karsi-Gelismis-Altyapi\"><\/span>DDoS ve Di\u011fer Web Sald\u0131r\u0131lar\u0131na Kar\u015f\u0131 Geli\u015fmi\u015f Altyap\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Clickjacking genellikle daha b\u00fcy\u00fck ve karma\u015f\u0131k sald\u0131r\u0131lar\u0131n bir par\u00e7as\u0131 olabilir. \u0130HS Telekom&#8217;un altyap\u0131s\u0131, <a href=\"https:\/\/www.ihs.com.tr\/blog\/ddos-saldirilarinin-ortalama-boyutu-yuzde-52-artti\/\" target=\"_blank\">DDoS sald\u0131r\u0131lar\u0131<\/a> gibi hacimsel tehditlere kar\u015f\u0131 \u00e7ok katmanl\u0131 koruma mekanizmalar\u0131na sahiptir. A\u011f g\u00fcvenli\u011fi, anomali tespiti ve trafik filtreleme sistemlerimiz sayesinde, web sitenizin performans\u0131 ve eri\u015filebilirli\u011fi, siber sald\u0131r\u0131 giri\u015fimleri alt\u0131nda bile korunur. G\u00fc\u00e7l\u00fc bir <a href=\"https:\/\/www.ihs.com.tr\/ssl\/\" target=\"_blank\">SSL sertifikas\u0131<\/a> altyap\u0131s\u0131yla birle\u015fti\u011finde, verilerinizin b\u00fct\u00fcnl\u00fc\u011f\u00fc ve gizlili\u011fi de garanti alt\u0131na al\u0131n\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"724-Uzman-Teknik-Destek-ve-Guvenlik-Danismanligi\"><\/span>7\/24 Uzman Teknik Destek ve G\u00fcvenlik Dan\u0131\u015fmanl\u0131\u011f\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>G\u00fcvenlik s\u00fcrekli bir s\u00fcre\u00e7tir. \u0130HS Telekom&#8217;un 7\/24 hizmet veren uzman teknik destek ekibi, herhangi bir g\u00fcvenlik endi\u015fenizde veya olay an\u0131nda size yard\u0131mc\u0131 olmak i\u00e7in haz\u0131rd\u0131r. \u0130ster sitenizin Clickjacking&#8217;e kar\u015f\u0131 do\u011fru yap\u0131land\u0131r\u0131ld\u0131\u011f\u0131ndan emin olmak isteyin, ister \u015f\u00fcpheli bir aktiviteyi bildirmek isteyin, uzman ekibimiz size en do\u011fru bilgiyi ve en h\u0131zl\u0131 \u00e7\u00f6z\u00fcm\u00fc sunar. M\u00fc\u015fterilerimize sadece bir hizmet sa\u011flay\u0131c\u0131 olarak de\u011fil, ayn\u0131 zamanda bir g\u00fcvenlik orta\u011f\u0131 olarak yakla\u015f\u0131yoruz. Alan ad\u0131 g\u00fcvenli\u011finiz i\u00e7in <a href=\"https:\/\/www.ihs.com.tr\/whois-sorgulama\" target=\"_blank\">domain sorgulama<\/a> ve transfer i\u015flemlerinizde de yan\u0131n\u0131zday\u0131z.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dijital d\u00fcnyada kullan\u0131c\u0131lar\u0131n g\u00fcvenli\u011fini tehdit eden bir\u00e7ok siber sald\u0131r\u0131 t\u00fcr\u00fc bulunmaktad\u0131r. Bunlardan biri olan Clickjacking (T\u0131klama Sahtekarl\u0131\u011f\u0131), kullan\u0131c\u0131lar\u0131 fark\u0131nda olmadan istemedikleri eylemleri&hellip;<\/p>\n","protected":false},"author":3,"featured_media":15989,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[466],"tags":[],"class_list":["post-15988","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bilgi-guvenligi"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15988","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=15988"}],"version-history":[{"count":1,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15988\/revisions"}],"predecessor-version":[{"id":15990,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15988\/revisions\/15990"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/15989"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=15988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=15988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=15988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}