Account security




i saw a new dns which i did not enter in my account and some page rules to direct some of my traffic to some virus.
i immediately disabled those pagerules

  1. i changed my password
  2. i changed global and orgin key API
  3. i put up Google Authenticator for 2 step verification.

i asked cloudflare the ip that put those dns settings they gave me a russian ip which i do not recognize and i did not even get email from cloudflare that my account is logged in from new ip which is that ip.

after above 3 steps that those unknown page rules became active again without me even touching them again no email that some new ip logged in my account.
even after having 2 step verification and apis changed how can someone do that?


Regarding this query, you should immediately raise a support ticket via email support [at]


i did, they said they will check this and haven’t heard back from them yet, meanwhile i thought somebody here might had same experience or might have some idea about what is going on.


Maybe try to scan your PC/phones. They could be infected with Remote Access Tools or Keyloggers. That will explain how someone have gain your credentials.


You did well by enabling TFA, please also consider enabling DNSSEC protection for your domain.