{"id":5188,"date":"2015-10-26T07:00:26","date_gmt":"2015-10-26T05:00:26","guid":{"rendered":"https:\/\/ihs.com.tr\/blog\/?p=5188"},"modified":"2019-01-04T09:31:32","modified_gmt":"2019-01-04T07:31:32","slug":"wordpressteki-xml-rpc-acigi-sunucularin-cokertilebilmesinin-yolunu-aciyor","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/wordpressteki-xml-rpc-acigi-sunucularin-cokertilebilmesinin-yolunu-aciyor\/","title":{"rendered":"XML-RPC vulnerability in WordPress paves the way for servers to be crashed"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Misconfigured <strong>WordPress installations that are missing required updates<\/strong> bring serious problems with them. Considering that <strong>more than 60 million websites worldwide run on the WordPress platform<\/strong>, it is easier to understand why this matters.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The newly discovered vulnerability is this time in WordPress itself, <strong>in its XML-RPC feature<\/strong>. 
This feature, which permits <strong>brute force<\/strong> attacks, makes it possible to exceed server limits and <strong>try 500 passwords in a single request<\/strong>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Whereas normally 1 request should carry 1 password, attackers who can raise that to 500 can find the server password through repeated attempts and <strong>take over the server.<\/strong><\/span><\/p>\n<p><a href=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/10\/wordpress_padlock-350.png\" data-rel=\"penci-gallery-image-content\" ><img decoding=\"async\" class=\"aligncenter size-full wp-image-5189\" src=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/10\/wordpress_padlock-350.png\" alt=\"wordpress_padlock-350\" width=\"350\" height=\"270\" srcset=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/10\/wordpress_padlock-350.png 350w, https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/10\/wordpress_padlock-350-300x231.png 300w\" sizes=\"(max-width: 350px) 100vw, 350px\" \/><\/a><\/p>\n<p><span style=\"font-size: 14pt;\">XML-RPC is a protocol that lets data be exchanged in both directions over the internet. And right now WordPress can be attacked <strong>using this protocol<\/strong>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The bad part is that this is not just theoretical; <strong>it is also being used in practice<\/strong>. 
According to the information shared, this vulnerability has now become one of the methods hackers prefer.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">In recent weeks, security news about WordPress had also been shared because of <a href=\"https:\/\/www.ihs.com.tr\/blog\/wordpressteki-akismet-guvenlik-sorunu-cozuldu\/\" target=\"_blank\"><strong>a vulnerability in the Akismet plugin<\/strong><\/a>, with an announcement that precautions needed to be taken. Because WordPress is such a widespread platform, it would not be wrong to say that <strong>it attracts the attention of more hackers with each passing day<\/strong>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">However, even though WordPress&#8217;s name comes up often in matters like this, when it comes to closing vulnerabilities <strong>we should also say that WordPress works quickly.<\/strong><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Misconfigured WordPress installations that are missing required updates bring serious problems with them. 
With more than 60 million websites worldwide on WordPress&hellip;<\/p>\n","protected":false},"author":3,"featured_media":5191,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,397],"tags":[],"class_list":["post-5188","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler","category-wordpress"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5188"}],"version-history":[{"count":3,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5188\/revisions"}],"predecessor-version":[{"id":5207,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5188\/revisions\/5207"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/5191"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}