Account security

dnssec
2fa

#1

hi,

i saw a new dns which i did not enter in my account and some page rules to direct some of my traffic to some virus.
i immediately disabled those pagerules

  1. i changed my password
  2. i changed global and orgin key API
  3. i put up Google Authenticator for 2 step verification.

i asked cloudflare the ip that put those dns settings they gave me a russian ip which i do not recognize and i did not even get email from cloudflare that my account is logged in from new ip which is that ip.

after above 3 steps that those unknown page rules became active again without me even touching them again no email that some new ip logged in my account.
even after having 2 step verification and apis changed how can someone do that?


#2

Regarding this query, you should immediately raise a support ticket via email support [at] cloudflare.com


#3

i did, they said they will check this and haven’t heard back from them yet, meanwhile i thought somebody here might had same experience or might have some idea about what is going on.


#4

Maybe try to scan your PC/phones. They could be infected with Remote Access Tools or Keyloggers. That will explain how someone have gain your credentials.


#5

You did well by enabling TFA, please also consider enabling DNSSEC protection for your domain.