{"id":6555,"date":"2016-01-26T16:19:03","date_gmt":"2016-01-26T14:19:03","guid":{"rendered":"https:\/\/ihs.com.tr\/blog\/?p=6555"},"modified":"2016-01-26T16:19:03","modified_gmt":"2016-01-26T14:19:03","slug":"kesif-saldirisi-3500un-uzerinde-web-sitesini-etkiledi","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/kesif-saldirisi-3500un-uzerinde-web-sitesini-etkiledi\/","title":{"rendered":"Reconnaissance Attack Affected More Than 3500 Websites"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">In a reconnaissance attack, attackers are placing unauthorized code at the very top of the websites they affect.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Alarm bells are ringing at <strong>Symantec<\/strong> offices. The Symantec research team says a massive attack is currently affecting web servers across the internet.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Working from data reported by Symantec security products, Symantec experts identified a common piece of JavaScript code in the source of many websites.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Since the beginning of this year, unidentified attackers have been adding the same JavaScript code to a large number of websites that have nothing to do with one another.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Symantec estimates that number at about 3500, with more than 75% of the sites hosted in the United States and the rest in India, the United Kingdom, Italy, Japan, France, Canada, Russia, Brazil and Australia. 
Most of the affected websites belong to private organizations, educational institutions and government sites.<\/span><\/p>\n<p><a href=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2016\/01\/symantec-ke\u015fif-sald\u0131r\u0131s\u0131.png\" data-rel=\"penci-gallery-image-content\" rel=\"attachment wp-att-6557\"><img decoding=\"async\" class=\"alignnone size-medium wp-image-6557\" src=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2016\/01\/symantec-ke\u015fif-sald\u0131r\u0131s\u0131-300x169.png\" alt=\"symantec reconnaissance attack\" width=\"300\" height=\"169\" srcset=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2016\/01\/symantec-ke\u015fif-sald\u0131r\u0131s\u0131-300x169.png 300w, https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2016\/01\/symantec-ke\u015fif-sald\u0131r\u0131s\u0131.png 800w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><span style=\"font-size: 14pt;\">Automated scripts make it easier for attackers to compromise sites<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Symantec says the attackers are most likely using automated scripts to scan these websites and exploit vulnerabilities, and are probably placing malicious HTML code on the sites found to be vulnerable.<br \/>\n<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The unauthorized code added to the websites\u2019 landing pages is not malicious, but Symantec says it collects visitors\u2019 data such as user IP address, page title, page URL, URL referrer, Flash version, user language settings and screen resolution, which is <strong>personal 
data<\/strong>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The simplest explanation is that the attackers are currently in the initial phase of their attacks: after collecting data about the websites\u2019 visitors, they will use it to decide on <strong>a type of attack<\/strong> suited to the visitor base of each site they have compromised.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">With this reconnaissance attack in place, it would be quite easy for the attackers to replace the current unauthorized code with more malicious software that redirects visitors to an exploit kit, and through it to distribute banking trojans, malicious ads or ransomware.<br \/>\n<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Is WordPress among the victims?<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Symantec reports that the unauthorized code has compromised only one \u201cwell-known content management system\u201d. 
Symantec\u2019s <a href=\"http:\/\/www.symantec.com\/security_response\/attacksignatures\/detail.jsp?asid=28821\" target=\"_blank\" rel=\"nofollow\">security advisory<\/a> mentions WordPress by name, but it is not known whether it is used only as an example or whether <strong>WordPress<\/strong> is actually within the scope of this attack.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Given past vulnerabilities in the WordPress core, plugins and custom themes, and the fact that the WordPress market is still highly fragmented, it can be said that the WordPress content platform is the main target. The fact that it is used by more than a quarter of the internet also makes WordPress an attractive target for hackers.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a reconnaissance attack, attackers are placing unauthorized code at the very top of the websites they affect. Alarm bells are ringing at Symantec offices. 
The Symantec research team&hellip;<\/p>\n","protected":false},"author":3,"featured_media":6556,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6555","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=6555"}],"version-history":[{"count":3,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6555\/revisions"}],"predecessor-version":[{"id":6560,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6555\/revisions\/6560"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/6556"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=6555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=6555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=6555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}