Joomla Sites Under Serious Threat

ihs.com.tr blog, 14 November 2016 (category: news)
https://www.ihs.com.tr/blog/joomla-siteler-ciddi-tehdit-altinda/

Joomla, the world's second most popular content management system, has been under attack for some time because of a set of vulnerabilities disclosed within the past week.

Security advisories 20161001 (CVE-2016-8870) and 20161002 (CVE-2016-8869) state that flaws in Joomla's user registration code can let attackers "register on a site when registration has been disabled" and then "register with elevated privileges". In other words, these flaws can be used to take control of a Joomla-powered site with little effort. The number of Joomla sites found to be vulnerable in this way is said to run into the millions.

The Joomla vulnerabilities in question stem from "incorrect use of unfiltered data" and "inadequate checks". Every Joomla release from 3.4.4 up to and including 3.6.3 is affected. Anyone still running an unpatched version of Joomla should upgrade to 3.6.4 without delay and then go through their system thoroughly for signs that it has already been compromised.

The 3.6.4 update removes the problematic code entirely and also closes a related third vulnerability, 20161003 (CVE-2016-9081).

The disclosure was followed by such a surge in attacks that web security firm Sucuri is telling Joomla site owners they can assume their sites have already been hacked: "Because of the sudden surge in attacks, we believe that all Joomla sites that have not been updated have most likely been hacked."

A similar warning was issued in 2014, when a critical vulnerability of the same calibre was found in Drupal; the automated attacks that began immediately after the fixing patch was published gave Drupal site owners a very hard time.

The success of popular content management systems such as WordPress, Drupal and Joomla makes them attractive targets, and a single vulnerability gives attackers the opportunity to mount attacks against millions of sites at once.

Vulnerabilities as serious as those found in Joomla last week are fortunately rare, but a remotely exploitable flaw in a single content management system can very quickly spread its effects to other systems: hacked sites can be wired straight into botnets and used to distribute malware, send billions of spam emails or launch DDoS attacks.

The success of modern content management software comes partly from the power it puts in the hands of users with little technical knowledge, but that same power brings serious security risks along with it.

Finally, what matters is not when a patch is published but when it is applied. That is why it is so important that Drupal and Joomla in particular follow the path WordPress has opened and build automatic security updates into their software by default.
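The advice above is to upgrade to 3.6.4 and then check the system for signs that the registration flaws were used before the patch went on. The script below is an added example of that check, written for this page; it is not Joomla project code. It assumes the stock Joomla 3.x layout, where libraries/cms/version/version.php defines the RELEASE and DEV_LEVEL constants, that the rows of the #__users and #__user_usergroup_map tables have been exported into plain dicts and (user_id, group_id) pairs, and that the site uses the default group IDs of a fresh Joomla 3 install (6 Manager, 7 Administrator, 8 Super Users). The version file and user records embedded here are constructed sample input. The cutoff date defaults to 25 October 2016, the day 3.6.4 and the advisories were published; on a site that ran a vulnerable release for longer, set it to the date that release was installed, since nothing stops an attacker who found the bug earlier.

```python
"""Post-patch triage for the Joomla registration flaws (advisories 20161001/20161002).

Added example, not Joomla project code. Assumes a stock Joomla 3.x install:
version constants live in libraries/cms/version/version.php and the default
user-group IDs are in use (confirm both against your own site).
"""
import re
from datetime import datetime

FIRST_AFFECTED = (3, 4, 4)           # first release carrying the flawed registration code
FIXED_IN = (3, 6, 4)                 # first release with that code removed
DISCLOSURE = datetime(2016, 10, 25)  # day 3.6.4 and the advisories went public

# Group IDs that grant backend access on a default Joomla 3 install.
# Assumption about a stock site: verify against your #__usergroups table.
PRIVILEGED_GROUPS = {6: "Manager", 7: "Administrator", 8: "Super Users"}

# Matches lines such as   const RELEASE = '3.6';   and   const DEV_LEVEL = '3';
VERSION_RE = re.compile(r"const\s+(RELEASE|DEV_LEVEL)\s*=\s*'([\d.]+)'\s*;")


def parse_version_php(source):
    """Return (major, minor, patch) from the JVersion constants in version.php."""
    found = dict(VERSION_RE.findall(source))
    if "RELEASE" not in found or "DEV_LEVEL" not in found:
        raise ValueError("RELEASE/DEV_LEVEL constants not found in version.php")
    major, minor = (int(x) for x in found["RELEASE"].split("."))
    return (major, minor, int(found["DEV_LEVEL"]))


def is_affected(version):
    """True when the version lies in the window 3.4.4 <= v < 3.6.4."""
    return FIRST_AFFECTED <= version < FIXED_IN


def suspicious_accounts(users, group_map, registration_disabled, since=DISCLOSURE):
    """Flag accounts created on or after `since`.

    With self-registration disabled no legitimate new account should exist, so
    every account created in the window is reported (the 20161001 case).
    With registration enabled, only accounts that also sit in a privileged
    group are reported (the 20161002 elevated-privileges case).
    Returns a list of (username, [privileged group names]) tuples.
    """
    groups_by_user = {}
    for uid, gid in group_map:
        groups_by_user.setdefault(uid, set()).add(gid)

    flagged = []
    for user in users:
        created = datetime.strptime(user["registerDate"], "%Y-%m-%d %H:%M:%S")
        if created < since:
            continue
        priv = sorted(PRIVILEGED_GROUPS[g]
                      for g in groups_by_user.get(user["id"], ())
                      if g in PRIVILEGED_GROUPS)
        if registration_disabled or priv:
            flagged.append((user["username"], priv))
    return flagged


# --- constructed sample input; not taken from any real site ---
SAMPLE_VERSION_PHP = """<?php
final class JVersion
{
    const PRODUCT = 'Joomla!';
    const RELEASE = '3.6';
    const DEV_LEVEL = '3';
    const DEV_STATUS = 'Stable';
}
"""

SAMPLE_USERS = [
    {"id": 42,  "username": "admin",        "registerDate": "2015-03-01 10:00:00"},
    {"id": 871, "username": "support-team", "registerDate": "2016-10-27 03:14:09"},
    {"id": 872, "username": "jdoe",         "registerDate": "2016-10-28 15:22:41"},
]
# (user_id, group_id) rows as in #__user_usergroup_map: 2 = Registered, 8 = Super Users
SAMPLE_GROUP_MAP = [(42, 8), (871, 2), (871, 8), (872, 2)]


def run_triage(registration_disabled=False):
    """Run both checks over the sample data and return the findings."""
    version = parse_version_php(SAMPLE_VERSION_PHP)
    return {
        "version": version,
        "affected": is_affected(version),
        "flagged": suspicious_accounts(SAMPLE_USERS, SAMPLE_GROUP_MAP,
                                       registration_disabled),
    }


if __name__ == "__main__":
    result = run_triage()
    print("Joomla %d.%d.%d affected: %s" % (*result["version"], result["affected"]))
    for username, groups in result["flagged"]:
        print("suspicious account:", username, groups or "(no privileged group)")
```

On the sample data the site is on 3.6.3, so it is inside the affected window, and the account "support-team", created two days after disclosure and placed straight into Super Users, is reported. With registration_disabled=True the ordinary "jdoe" account is reported as well, because a site with registration switched off should have no self-registered users at all. A flagged account is a lead, not proof; check the access log for the matching registration request and the #__user_usergroup_map rows of every existing privileged user before deciding the site is clean.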