Hello community,
I have several websites that use Cloudflare’s DNS service. Recently, my websites started redirecting requests to another malicious website.
Interestingly, when I disabled Cloudflare’s DNS service, the redirection stopped, and the website became accessible again.
I would like to know how to resolve this so that I can re-enable Cloudflare’s DNS service. It seems that this service has been compromised.
I appreciate your time and attention to my case. Thank you very much.
Can you share the redirect target URL?
You should check all your redirect rules here: https://dash.cloudflare.com/?to=/:account/:zone/rules/redirect-rules and bulk redirects here: https://dash.cloudflare.com/?to=/:account/bulk-redirects
and follow Secure compromised account · Cloudflare Fundamentals docs to re-secure your account.
Thank you very much! For some reason my Cloudflare account was violated and the redirection rules were changed. I appreciate your time and attention.
For some reason i had the same problem and my co-workers account seem to be hacked too, weird that it happen at the same time as you. My site was redirecting to this scam domain (sleth info), was your site redirecting to the same?
Thank you for sharing your experience. In my case, the redirection was to nkbithfogknn.com
The attack came from a vulnerability in the WP Fasted Cache plugin. A token generated in CF and used to configure the plugin, the token gave access permission to all accounts.
If you have a scenario similar to mine, I recommend that you recreate all your tokens and review the permissions.
Hi,
Did you mean “WP Fastest Cache” plugin? If so, are you using the free or the premium version?
Hello! I use the free version.
I don’t see other users mentioning a specific vulnerability in this plugin’s support forum yet. Would you let the developers know, so they can have a look at what you perceive as a problem in their plugin? If in fact there’s a problem with their code, a fast resolution would help many of their users [WP Fastest Cache] Support | WordPress.org
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.