Client Being Held To Ransom By Developer Using Cloudflare

Not sure if this is in the correct thread or not apologies I am new here. I have a client who their previous web developer has used cloudflare with their domain. I too wish to use cloudflare and in the past usually adding the website to cloudflare has grabbed all necessary records for me and we have been able to continue the process. For some reason the current a record etc for the main domain and the www of the domain are not coming through.

The client has asked me to try and resolve an issue as they are unable to get in touch with their previous developer and he is currently holding them to ransome he currently has control over their website, hosting and office 365 accounts because we can’t access the cloudflare records we need. Any suggestions or assistance with this would be much appreciated.

1 Like

What is the domain in question?

If the IP address in the old CF account is set to be “hidden” (orange clouded :orange: in DNS) so that nobody can find the IP, then when you add the domain to your own CF account it won’t pre-populate those records. If CF were to pull the “origin” IP from the proxied record, then you could find the real IP of other customers on CF and likely be able to DDOS them using that information.

To get the www and apex/root records, simply create new A records with the IP address of your server (you can usually find this somewhere in your host’s control panel).

If he has control of:

  • The registrar account/domain: You’re pretty much out of luck if he has this. You can’t change the nameservers to prove domain ownership nor can you ask the registrars to hand over the domain.
  • The hosting: hopefully you have database backups, the source code, etc. so you can transition hosting to another provider. If you can still log into your hosting (eg. for billing) you may be able to contact their support and they can remove his access.
  • Office 365: if he is the primary admin and has removed your accounts or removed your administrator access, first immediately download all of your email if possible and contact Office support. You will need to explain the situation and you may need to provide proof of ownership of the company, domain, as well as proof of your identity. If this doesn’t work, you’ll need to cancel your billing (either with your card company/bank or Office support) and sign up for a new office account.
1 Like

This topic was automatically closed after 14 days. New replies are no longer allowed.