Cloudflare & DNS compromises


#1

Dear Cloudflare community,

Many sites are pointing to our top-ranked domains, but I am unable to solve this issue. Many domains are showing our site content live, and Google has dropped our ranking.

So I am looking for a solution, if anyone has one for this issue.

For example, I have the domain
mydomain.com, and many mirror sites are running, like
mirrordomain.com
mirrordomain1.com
mirrordomain2.com
mirrordomain3.com

All the mirror domains are also listed in Google search results, so Google ranks down our main domain, which is mydomain.com.

If we change anything on mydomain.com, it automatically updates on the mirror domains.
Everything runs as a live, working domain.

Kindly take notice of these sites.

Here is a link for what I am describing to you:
http://hosixy.com/2016/12/15/cloudflare-dns-compromises/

Waiting for your response, Cloudflare support team, regarding this issue.


#2

Without knowing any of the domains affected, it’s difficult to troubleshoot.

What I’ve found in the past is some servers have a “default” domain that’s usually first, alphabetically. So if your domain happens to be alphadomain.com and other domains happen to point to the same IP address, they will appear to mirror alpha’s content because the server is showing the first website in its configuration.


#3

Dear Sdayman,

How can I send all of these domains in a private message or via email? I don't want to share them publicly.

Waiting for your reply.


#4

You will be our initial test. Private Messages were only available for moderators, but I’ll turn them on and see how it goes. If people get abusive and/or spammy it may have to go away, but for now you can use it.


#5

Sorry I’m not sure what the problem is, but I don’t see anything here to indicate a DNS compromise. You can’t point a random domain to the IP address of a site proxied by Cloudflare and get it to direct to a given site. We direct based on the host header when it hits our proxy.

So either the other sites are including your pages in an iframe or they are hitting your origin server directly and it is allowing it to render pages even though the host header doesn’t match.


#6

Replying publicly to your msg for the benefit of others. Again, this doesn’t have anything to do with a DNS compromise. Since you gave me a domain name, I eliminated an iframe as a possibility. So now the other is likely… your webserver will respond to any HTTP request with your site’s content regardless of the host header. Fix your webserver so it doesn’t do that.


#7

Dear sir,

OK, if it is not related to your side, then why is this domain showing wrong nameserver entries?

https://intodns.com/bepunctual.biz

Also, you are able to check that this domain is not added in any Cloudflare account, so how is it working with the wrong DNS entry?

Waiting for your reply.


#8

What makes you think those are the wrong nameserver entries? You don’t manage bepunctual.biz, correct? So it’s not your domain. I can neither confirm nor deny the existence of a customer with these records, nor can I comment on the validity of the records if they were a customer.

But another customer using Cloudflare for their service is not an indication of a DNS compromise.

Try this command which bypasses Cloudflare entirely and look at the results:

curl -k --resolve flightdealnow.com:80:<your.ip.address.here> http://flightdealnow.com/

Now try

curl -k --resolve nosuchdomain.com:80:<your.ip.address.here> http://nosuchdomain.com/

Notice how flightdealsnow returns your site but the other doesn’t? That’s a problem at your host, it has nothing to do with Cloudflare. If you want to file a ticket with Cloudflare for DMCA/Abuse request I believe our support team has provided you with that information.

But there is no bug/security issue with Cloudflare that I can see. The simple fact another site is using Cloudflare is not evidence of a problem and the steps above will reproduce the issue bypassing Cloudflare.

I’d recommend reaching out to your webhost to determine why it is returning your site when another domain requests it. If they can resolve that issue the problem should take care of itself.


#9

Dear sir,

I have contacted my management team regarding this issue. They said this issue is on Cloudflare's side, because the domain is not correctly updated with the correct nameserver, and the Cloudflare system auto-configures it with your domain; that is the reason you are unable to block this domain. Only the Cloudflare team can help you regarding this issue.

Just take a look at intodns.com for these domains; I hope you will see both domains' nameservers.

Take a look at this link regarding DNS:
http://dnscheck.pingdom.com/troubleshooting.php?domain=bepunctual.biz
and also check my domain.

You will see the difference, and this will help you to understand the issue I am facing.

Waiting for your reply.


#10

It’s probably best to submit the additional information in a support ticket. Support engineers can get into the nitty gritty details in a private setting and then hopefully we can find a general update to post here as well.


#11

Could this be the issue:

bepunctual.biz @ a.gtld.biz:

bepunctual.biz. 3600	IN	NS	aron.ns.cloudflare.com.
bepunctual.biz. 3600	IN	NS	tom.ns.cloudflare.com.

bepunctual.biz @ aron.ns.cloudflare.com:

bepunctual.biz. 86400	IN	NS	brad.ns.cloudflare.com.
bepunctual.biz. 86400	IN	NS	marjory.ns.cloudflare.com.

Seems like the wrong nameserver is inputted to the registrar.


#12

Dear sir,

I have already opened a ticket, but the reply is:

(If you want to file a ticket with Cloudflare for DMCA/Abuse request I believe our support team has provided you with that information.)

So please assure me that if I open a ticket we will get a solution in reply, not a DMCA/Abuse request.


#13

I provided you with two curl requests which demonstrate conclusively this is not an issue at Cloudflare. Your management team is incorrect. I will post them again.

curl -k --resolve flightdealnow.com:80:<your.ip.address.here> http://flightdealnow.com/

curl -k --resolve nosuchdomain.com:80:<your.ip.address.here> http://nosuchdomain.com/

The IP address of your origin server can be placed in <your.ip.address.here>, bypassing Cloudflare entirely. If the problem happens without Cloudflare in the mix, it is not a Cloudflare issue.

Since a random domain doesn’t work in the curl command, but a small subset do, it is almost certainly an issue with whoever hosts your content. Share the curl commands above with them. The links you provide show the domain is using Cloudflare. That isn’t under debate, nor is it a demonstration of a bug or security problem. Your complaint is that they are displaying your content; that is a DMCA issue since we don’t host your content. To fix the problem of allowing that site to render your content you need to speak to your web host. We can’t fix their issue, and the curl commands demonstrate that it is their issue.


#14

I understand the DNS servers don’t match and it could be that someone is attempting to exploit their DNS settings. However that is a problem for the owner of the domain being exploited. If you are the owner of the domain, fix your nameserver records.

But it does not appear you are the owner of those domains, so whether or not the DNS settings of another domain are correct is not a topic we can discuss with you. I understand you have a concern about your content. We can deal with that as a DMCA request. We’re not going to tell you anything about another domain or its owners.

But the underlying problem you are complaining about (another domain showing your content) is because your webserver is configured incorrectly to allow such a thing. The curl commands I provided demonstrate that to be true. Have whoever manages your webserver fix their problem. Once your webserver is configured correctly these domains will no longer be able to display your content.
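
An added example, not part of the original thread: the two-request check from posts #8 and #13, run against a local stand-in origin, next to the Host-header allowlist that stops foreign domains from rendering the site. The host names are the placeholders from post #1, and the stray alias, the 421 status and the local test server are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SITE_HOSTS = {"mydomain.com", "www.mydomain.com"}  # constructed: names the origin should serve

def make_handler(served_hosts):
    """Origin handler; served_hosts=None models a catch-all virtual host."""
    class Origin(BaseHTTPRequestHandler):
        def do_GET(self):
            # Drop an optional :port and normalise case before comparing.
            host = (self.headers.get("Host") or "").split(":")[0].lower()
            if served_hosts is not None and host not in served_hosts:
                self.send_error(421, "Host not served here")
                return
            body = b"<h1>mydomain.com home page</h1>"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # silence per-request logging
            pass
    return Origin

def probe(ip, port, host):
    """Like `curl --resolve host:port:ip http://host/`: connect to ip, send Host: host."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    try:
        conn.request("GET", "/", headers={"Host": host})
        return conn.getresponse().status
    finally:
        conn.close()

def audit(served_hosts, hosts_to_try):
    """Run a local origin on a free port; return the probed hosts it wrongly serves."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), make_handler(served_hosts))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return sorted(h for h in hosts_to_try if h not in SITE_HOSTS
                      and probe("127.0.0.1", server.server_port, h) == 200)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    names = ["mydomain.com", "mirrordomain.com", "nosuchdomain.com"]
    print("origin with stray alias:", audit(SITE_HOSTS | {"mirrordomain.com"}, names))
    print("allowlist-only origin:  ", audit(SITE_HOSTS, names))
```

An empty list from `audit` means the origin only answers for its own names, which is the state the web host needs to reach.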