DNS appears to be hacked/polluted

media.writingclasses.com is a CNAME record pointing to gothamwriters-media.s3-website-us-east-1.amazonaws.com.

Something is hijacking the traffic and it’s actually returning someone else’s web site. http://media.writingclasses.com/ is not our content.

Since this is a CNAME record, these two URLs should serve content from the same place:



But http://media.writingclasses.com/ seems to be serving content from an S3 bucket that we do not own.

We’ve checked for redirects and can’t find any. I’m hoping that the Cloudflare community will have some troubleshooting advice. Thanks in advance!

Afraid, this is not correct and that’s not how a CNAME entry works.

Your Amazon setup needs to know about the domain and it does not, which is why you are getting the error message.

On top of that, your Amazon server is not configured for SSL.

How to fix that

  1. Configure your Amazon server so that it responds to HTTPS with a valid certificate for your domain
  2. Configure your Amazon server to serve content for your domain

Afraid, this is not correct and that’s not how a CNAME entry works.

Doesn’t a CNAME record simply send traffic to the same IP as the A record it points to?

Configure your Amazon server to serve content for your domain

it is serving content from our domain. I’m confused.

Maybe I haven’t explained this correctly.

Something is hijacking traffic to our S3 bucket and sending it to a bucket maintained by someone else.

traffic to media.writingclasses.com is not actually going to the A record the CNAME points to.

It does, but if the server does not recognise the domain you run into this exact issue.

Nobody will be hijacking anything, but your server is simply not correctly configured. Hence the two things I mentioned earlier.

As far as Cloudflare is concerned, it correctly resolves the hostname to the configured Amazon hostname. Everything else needs to be configured on Amazon’s side and Cloudflare is not involved.

As mentioned, make sure your server is properly configured for HTTPS and for the hostname and it will work.

1 Like

OK - so once the traffic gets to S3 it’s not correctly resolving the domain? I think I understand now.

what’s confused matters is that I got an alert from Google that someone has added themselves as an owner of that domain and it’s not an email address I recognize

On top of that, the domain is now serving anime content in an Indonesian language, so there is certainly a hacker involved. This may be on the S3 side of things, not Cloudflare. I’ll dig further.

That’s right, that configuration needs to be done on Amazon’s side. Just make sure it has a valid certificate and works for your domain.

1 Like

OK, thanks for the help

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.