0-day for a record

Hi, I had enabled 2FA roughly a week ago due to concerns with security. Although my concerns were unverified or even valid, I wanted to report something that was.

Today I logged into my Cloudflare account to check the IP of my Oracle server, since I had been going through the wringer resetting my password and even getting email properly.

I noticed that someone renamed my A record host to resume2 from resume and put a different IP on resume with a proxy behind it.

I knew this was not me because I don’t proxy my servers usually, and I surely didn’t rename my website with a 2 after it since I am looking for work and that is what I am giving to employers.

Coughs yep, pretty fuked… but on another part of my stupidity, I erased the IP that was broadcasting on my website and quickly replaced it with the proper one without recording.

No doubt there are logs on Cloudflare about this, but I would rather not spend an eternity and a half getting support to look into it.

Happy hunting!

Hi @pt11,

You have access to an audit log on your account that will show you exactly when and who made the change. Often it’s an automated service that you’ve given permissions on your account to.


To add to this, here is a direct link.

https://dash.cloudflare.com/?to=/:account/audit-log


OK, much appreciated.

Sorry, I owe you two an apology, as it was another false alarm.

Apparently Oracle Cloud's free tier is only free until they make you pay for it, which was about a week ago, lol…

I had forgotten this, and I remember I set up a Vultr VM with the aforementioned IP address.


No problem, glad you got it figured out!
