{"id":496,"date":"2026-01-18T20:09:00","date_gmt":"2026-01-18T20:09:00","guid":{"rendered":"https:\/\/narhost.com\/blog\/?p=496"},"modified":"2026-01-25T14:48:18","modified_gmt":"2026-01-25T14:48:18","slug":"brute-force-nedir","status":"publish","type":"post","link":"https:\/\/narhost.com\/blog\/brute-force-nedir\/","title":{"rendered":"What Is Brute Force?"},"content":{"rendered":"\r\n<p><strong>Brute force<\/strong> translates into Turkish as \u201ckaba kuvvet\u201d. It is a type of attack that tries to break a password, key or authentication mechanism in a computer system <strong>by trying every possibility<\/strong>. In other words, the attacker systematically tries every possible option until the correct combination is found.<\/p>\r\n\r\n\r\n\r\n<p>To take a simple example, think of a 3-digit safe combination. The attacker first tries 000, then 001, 002&#8230; and so on until the correct code is found. 
This approach is the logic of brute force.<\/p>\r\n\r\n\r\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\r\n\r\n\r\n<h2 class=\"wp-block-heading\">How Does a Brute Force Attack Work?<\/h2>\r\n\r\n\r\n\r\n<p>The basic method used in brute force attacks is as follows:<\/p>\r\n\r\n\r\n\r\n<ol class=\"wp-block-list\">\r\n<li><strong>Identifying the Target System<\/strong><br \/>It may be a website, an application, an e-mail account or a network system.<\/li>\r\n\r\n\r\n\r\n<li><strong>Generating Combinations<\/strong><br \/>All possible combinations of letters, digits and symbols are generated automatically.<\/li>\r\n\r\n\r\n\r\n<li><strong>The Trial Process<\/strong><br \/>Each generated combination is submitted to the system in turn.<\/li>\r\n\r\n\r\n\r\n<li><strong>Reaching the Correct Password<\/strong><br \/>When the correct combination is found, access to the system is gained and the attack succeeds.<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n<p>These attacks are usually carried out with automated software or bots. Doing them by hand is nearly impossible, because trying millions of combinations can take a long time.<\/p>\r\n\r\n\r\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Types of Brute Force<\/h2>\r\n\r\n\r\n\r\n<p><a href=\"https:\/\/www.narhost.com\/blog\/brute-force-nedir\/\">Brute force<\/a> attacks fall into different subtypes according to the method used:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">1. 
<strong>Simple Brute Force (Classic Method)<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Every possible password combination is tried in order. For example: 0000, 0001, 0002, &#8230; and so on.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">2. <strong>Dictionary Attack<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>In this method the attacker uses a \u201cpassword dictionary\u201d containing previously compromised or commonly used passwords. This reduces the number of attempts.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">3. <strong>Hybrid Brute Force<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>It is a combination of the dictionary attack and the classic brute force method. For example, it tries frequently used variations such as \u201cadmin123\u201d, \u201c12345!\u201d and \u201cqwerty2023\u201d.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">4. <strong>Reverse Brute Force<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>In this method a known password is used to search for the user accounts that have that password. 
For example: trying to find all accounts that have the password \u201c123456\u201d.<\/p>\r\n\r\n\r\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Where Brute Force Attacks Are Used<\/h2>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image alignnone size-full wp-image-16\"><img decoding=\"async\" class=\"wp-image-16\" src=\"https:\/\/narhost.com\/blog\/wp-content\/uploads\/2025\/09\/brute-force-nedir.webp\" alt=\"brute force nedir\" \/>\r\n<figcaption class=\"wp-element-caption\">What is brute force<\/figcaption>\r\n<\/figure>\r\n\r\n\r\n\r\n<p>Brute force attacks are usually seen in the following areas:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li><strong>Website login panels (admin panel, CMS systems)<\/strong><\/li>\r\n\r\n\r\n\r\n<li><strong>E-mail accounts<\/strong><\/li>\r\n\r\n\r\n\r\n<li><strong>Remote access systems such as SSH, FTP and RDP<\/strong><\/li>\r\n\r\n\r\n\r\n<li><strong>Wi-Fi network passwords<\/strong><\/li>\r\n\r\n\r\n\r\n<li><strong>File encryption systems (ZIP, RAR, PDF)<\/strong><\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>With this method attackers can seize sensitive data and damage the system, install ransomware, or leak data.<\/p>\r\n\r\n\r\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\r\n\r\n\r\n<h2 class=\"wp-block-heading\">How Effective Is Brute Force?<\/h2>\r\n\r\n\r\n\r\n<p>Does brute force always work? The answer: no. But if the password is <strong>not complex enough<\/strong> and <strong>the system has taken no precautions<\/strong>, the success rate is quite high. 
Here are a few examples:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li><strong>A 4-digit numeric password<\/strong> = 10,000 combinations<\/li>\r\n\r\n\r\n\r\n<li><strong>An 8-character alphanumeric password (upper\/lower case letters, digits)<\/strong> = Billions of combinations<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>These examples clearly show that strong passwords make brute force attacks harder.<\/p>\r\n\r\n\r\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\r\n\r\n\r\n<h2 class=\"wp-block-heading\">How to Protect Against Brute Force Attacks?<\/h2>\r\n\r\n\r\n\r\n<p>There are various technical and strategic measures that can be taken against brute force attacks:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">\ud83d\udd10 1. <strong>Strong Password Policy<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>At least 12 characters<\/li>\r\n\r\n\r\n\r\n<li>Should contain upper case letters, lower case letters, digits and special characters<\/li>\r\n\r\n\r\n\r\n<li>Personal information should be avoided<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">\ud83d\udeab 2. <strong>Account Lockout Mechanism<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>After a set number of failed logins, the user account should be temporarily locked.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">\u23f1\ufe0f 3. <strong>Rate Limiting (Throttling)<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Login attempts should be limited per IP. For example: at most 3 login attempts within 5 minutes.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">\ud83d\udc6e 4. 
<strong>Using Captcha<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>To block login attempts by automated bots, captcha verification should be applied on every login.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">\ud83e\udde0 5. <strong>Two-Factor Authentication (2FA)<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Login should require not only a password but also a second verification step (for example, a phone code).<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">\ud83d\udd0d 6. <strong>Log Monitoring and Alerting<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Abnormal login attempts should be monitored and a notification sent to the system administrator.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">\ud83c\udf10 7. <strong>Firewall and IP Blocking<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Suspicious IP addresses can be detected and blocked automatically.<\/p>\r\n\r\n\r\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Real-World Examples of Brute Force Attacks<\/h2>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">\ud83d\udd38 Brute Force Attacks on WordPress Sites<\/h3>\r\n\r\n\r\n\r\n<p>WordPress, the popular content management system, is used by millions of sites worldwide. 
In this system the admin panel is usually at the &#8220;wp-login.php&#8221; path and is exposed to brute force attacks.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">\ud83d\udd38 Attacks Over SSH Ports<\/h3>\r\n\r\n\r\n\r\n<p>The SSH ports used to log in to Linux servers (usually port 22) become a target when weak usernames and passwords are used.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\">\ud83d\udd38 Password Cracking of ZIP Files<\/h3>\r\n\r\n\r\n\r\n<p>Many people protect personal or business data with password-protected ZIP files. But if the password is simple, it can be cracked by brute force.<\/p>\r\n\r\n\r\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Common Misconceptions About Brute Force<\/h2>\r\n\r\n\r\n\r\n<p>\u274c <strong>&#8220;Brute force is only carried out by professional hackers.&#8221;<\/strong><br \/>Wrong. Thanks to simple tools, anyone can make a brute force attempt.<\/p>\r\n\r\n\r\n\r\n<p>\u274c <strong>&#8220;Even complex passwords can be cracked.&#8221;<\/strong><br \/>Yes, but this could take billions of years. Complex passwords render brute force attacks ineffective.<\/p>\r\n\r\n\r\n\r\n<p>\u274c <strong>&#8220;Hiding the login page is enough.&#8221;<\/strong><br \/>No. 
It only provides an additional layer of security and is not a solution on its own.<\/p>\r\n\r\n\r\n\r\n<p>You may also be interested in: <a href=\"https:\/\/www.narhost.com\/blog\/algoritma-nedir\/\">What Is an Algorithm<\/a>?<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>Brute force translates into Turkish as \u201ckaba kuvvet\u201d. It is a type of attack that tries to break a password, key or authentication mechanism in a computer system by trying every possibility. In other words, the attacker systematically tries every possible option until the correct combination is found. To take a simple example, think of a 3-digit safe combination. The attacker first tries 000, then 001, 002&#8230; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":929,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,7],"tags":[],"class_list":["post-496","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-genel","category-nedir"],"_links":{"self":[{"href":"https:\/\/narhost.com\/blog\/wp-json\/wp\/v2\/posts\/496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/narhost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/narhost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/narhost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/narhost.com\/blog\/wp-json\/wp\/v2\/comments?post=496"}],"version-history":[{"count":2,"href":"https:\/\/narhost.com\/blog\/wp-json\/wp\/v2\/posts\/496\/revisions"}],"predecessor-version":[{"id":2025,"href":"https:\/\/narhost.com\/blog\/wp-json\/wp\/v2\/posts\/496\/revisions\/2025"}],"wp:featuredmedia":[{"embed
dable":true,"href":"https:\/\/narhost.com\/blog\/wp-json\/wp\/v2\/media\/929"}],"wp:attachment":[{"href":"https:\/\/narhost.com\/blog\/wp-json\/wp\/v2\/media?parent=496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/narhost.com\/blog\/wp-json\/wp\/v2\/categories?post=496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/narhost.com\/blog\/wp-json\/wp\/v2\/tags?post=496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}