i saw a new dns which i did not enter in my account and some page rules to direct some of my traffic to some virus.
i immediately disabled those pagerules
- i changed my password
- i changed global and orgin key API
- i put up Google Authenticator for 2 step verification.
i asked cloudflare the ip that put those dns settings they gave me a russian ip which i do not recognize and i did not even get email from cloudflare that my account is logged in from new ip which is that ip.
after above 3 steps that those unknown page rules became active again without me even touching them again no email that some new ip logged in my account.
even after having 2 step verification and apis changed how can someone do that?