Cloudflare DNS Hacked?

johnpoz · April 17, 2025, 8:50pm

What is the name of the domain?

What is the issue you’re encountering

Somehow someone added a subdomain to our DNS entries, and it was definitely not us! I can obviously delete the entry, but I need to understand how it’s even possible that this occurred.

What steps have you taken to resolve the issue?

Added 2 factor authentication. Otherwise haven’t done anything yet.

What are the steps to reproduce the issue?

The subdomain is still live in my attached screen capture for now.

Screenshot of the error

sjr · April 17, 2025, 8:54pm

Check your audit log for details of when and who added the record…
https://dash.cloudflare.com/?to=/:account/audit-log

johnpoz · April 17, 2025, 9:16pm

Thanks sjr! I didn’t know where that log was, but I had to go back many months to find it! However I did locate the entry, so we’ll get it taken care of now. Appreciate the pointer!!!

system · April 19, 2025, 9:16pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cached DNS impact on SEO DNS & Network dns , dash-ssl-tls , dash-getting-started , dash-troubleshooting	6	2502	December 12, 2018
DNS Record was Changed need Hacking Advice Security	3	2066	June 28, 2020
My website's subdomain isn't working General	5	903	April 17, 2024
Subdomain point to an external subdomain DNS & Network	7	1500	August 27, 2022
Hackers managed to create subdomains and install Shopify on them, but records of these subs don't exist in CF. How? Security	9	2511	June 1, 2023