{"id":1269,"date":"2022-09-21T13:09:24","date_gmt":"2022-09-21T13:09:24","guid":{"rendered":"https:\/\/sunucucozumleri.com\/?p=1269"},"modified":"2023-08-07T21:12:06","modified_gmt":"2023-08-07T21:12:06","slug":"whmcs-guvenligi","status":"publish","type":"post","link":"https:\/\/sunucucozumleri.com\/blog\/whmcs-guvenligi\/","title":{"rendered":"WHMCS G\u00fcvenli\u011fi"},"content":{"rendered":"

Merhabalar,
\nBug\u00fcn bilgi bankam\u0131zda sizlere
\nWHMCS G\u00fcvenlik \u00d6nlemleri
\nWHMCS Tema \u00c7al\u0131nmalar\u0131na Kar\u015f\u0131 Al\u0131nabilecek \u00d6nlemleri
\nkonusunda bilgiler payla\u015faca\u011f\u0131z.<\/p>\n

1 – Whmcs G\u00fcvenlik \u00d6nlemleri
\nHosting hizmeti veren bir \u00e7ok firmada kullan\u0131lan otomasyon sistemlerinden birisi de WHMCS’dir. Yayg\u0131n olarak kullan\u0131lmas\u0131n\u0131n getirmi\u015f oldu\u011fu iyi taraflar\u0131n\u0131n oldu\u011fu kadar, bilin\u00e7siz yap\u0131land\u0131r\u0131lmalarda bir\u00e7ok firman\u0131y\u0131da zor duruma d\u00fc\u015f\u00fcrebilmektedir.
\nPeki nas\u0131l g\u00fcvenli hale getirebiliriz.<\/h3>\n

\u00d6ncelikle sunucumuzda PHP handler olarak suPHP aktif hale getiriyoruz.
\n
\nfind .\/ -iname \"*.php\" -exec chmod 600 {} \\;
\nfind .\/ -type d -exec chmod 711 {} \\;
\n<\/code>
\nkomutunu SSH terminal \u00fczerinden \u00e7al\u0131\u015ft\u0131ral\u0131m.<\/p>\n

Taray\u0131c\u0131 \u00fczerinden cron job eri\u015fimini engellemek
\nWHMCS’nin zamanlanm\u0131\u015f dosya olarak kulland\u0131\u011f\u0131 crons\/cron.php dosyas\u0131n\u0131 art niyetli ki\u015filerin taray\u0131c\u0131 \u00fczerinden \u00e7al\u0131\u015ft\u0131rmas\u0131n\u0131 engellemek i\u00e7in konsol \u00fczerinden,
\n
\ncd \/whmcsklasoryolu
\ncd crons
\necho \"deny from all\" > .htaccess
\n<\/code>
\nkomutunu \u00e7al\u0131\u015ft\u0131ral\u0131m.<\/p>\n

WHMCS configuration.php dosyas\u0131nda yap\u0131lmas\u0131 gereken de\u011fi\u015fikler,
\nAdmin klas\u00f6r yolunu de\u011fi\u015ftirmek
\n$customadminpath = “home\/dizinadi\/yeniadminpaneli”;<\/p>\n

templates_c klas\u00f6r yolunu de\u011fi\u015ftirmek<\/p>\n

$templates_compiledir = “home\/dizinadi\/yenicache_c\/”;<\/p>\n

downloads klas\u00f6r\u00fcn\u00fcn yolunu de\u011fi\u015ftirmek
\n$downloads_dir = “home\/dizinadi\/yenidosyaadresi\/”;
\nattachment klas\u00f6r yolunu de\u011fi\u015ftirmek
\n$attachments_dir = “home\/dizinad\u0131n\u0131z\/attachments\/”;<\/p>\n

<\/span>2- WHMCS Tema G\u00fcvenli\u011fi<\/span><\/h3>\n

Hepimiz biliyoruz ki whmcs temalar\u0131nda, template motorundan olsa gerek .tpl uzant\u0131s\u0131 kullan\u0131lmaktad\u0131r. \u00d6zel olarak yapm\u0131\u015f oldu\u011funuz \u00e7al\u0131\u015fmalar\u0131n birka\u00e7 t\u0131k ile indirilebilece\u011finin fark\u0131nday\u0131z. \u00d6rnek olarak, siteadi.com\/templates\/temaadi\/tpldosyaadi.tpl yaz\u0131ld\u0131\u011f\u0131nda tpl dosyalar\u0131 indirilebilmektedir. Art niyetli kullan\u0131m\u0131n \u00f6n\u00fcne ge\u00e7mek ve yapm\u0131\u015f oldu\u011fumuz \u00e7al\u0131\u015fmalar\u0131n \u00e7al\u0131nmas\u0131n\u0131 engellemek i\u00e7in \/templates\/ klas\u00f6r\u00fcm\u00fcz\u00fcn i\u00e7erisine .htaccess dosyas\u0131 olu\u015ftural\u0131m ve a\u015fa\u011f\u0131daki kodu ekleyip kaydedelim.
\n
\n<filesMatch \"\\.(tpl|.php)$\">
\ndeny from all<\/p>\n

<\/code><\/p>\n

httrack program\u0131n\u0131 engelleme<\/p>\n


\nRewriteEngine On
\nRewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Bot\\ mailto:craftbot@yahoo.com [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Download\\ Demon [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Express\\ WebPictures [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
\nRewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Image\\ Stripper [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Image\\ Sucker [OR]
\nRewriteCond %{HTTP_USER_AGENT} Indy\\ Library [NC,OR]
\nRewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Internet\\ Ninja [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^JOC\\ Web\\ Spider [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Mass\\ Downloader [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^MIDown\\ tool [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Mister\\ PiX [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Net\\ Vampire [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Offline\\ Explorer [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Offline\\ Navigator [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Papa\\ Foto [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Teleport\\ Pro [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Web\\ Image\\ Collector [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Web\\ Sucker [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^WebGo\\ IS [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Website\\ eXtractor [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Website\\ Quester [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Xaldon\\ WebSpider [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^Zeus
\nRewriteRule .* - [F]
\n<\/code><\/p>\n

Teleport Engelleme<\/p>\n

Disallow: \/<\/p>\n

User-agent: TeleportPro
\nDisallow: \/<\/p>\n","protected":false},"excerpt":{"rendered":"

Merhabalar, Bug\u00fcn bilgi bankam\u0131zda sizlere WHMCS G\u00fcvenlik \u00d6nlemleri WHMCS Tema \u00c7al\u0131nmalar\u0131na Kar\u015f\u0131 Al\u0131nabilecek \u00d6nlemleri konusunda bilgiler payla\u015faca\u011f\u0131z. 1 – Whmcs G\u00fcvenlik \u00d6nlemleri Hosting hizmeti veren bir \u00e7ok firmada kullan\u0131lan otomasyon sistemlerinden birisi de WHMCS’dir. Yayg\u0131n olarak kullan\u0131lmas\u0131n\u0131n getirmi\u015f oldu\u011fu iyi taraflar\u0131n\u0131n oldu\u011fu kadar, bilin\u00e7siz yap\u0131land\u0131r\u0131lmalarda bir\u00e7ok firman\u0131y\u0131da zor duruma d\u00fc\u015f\u00fcrebilmektedir. Peki nas\u0131l g\u00fcvenli hale getirebiliriz. …<\/p>\n","protected":false},"author":1,"featured_media":1456,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[234],"tags":[],"class_list":["post-1269","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-whmcs"],"acf":[],"_links":{"self":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/1269","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/comments?post=1269"}],"version-history":[{"count":0,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/1269\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media\/1456"}],"wp:attachment":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media?parent=1269"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/categories?post=1269"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/tags?post=1269"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}