DNS hacked - ownership under Cloudflare

stelios.a · August 11, 2023, 6:14pm

Hi all,

Recently one of my domains got hacked due to an old software. The hacker got access to the local DNS and change it’s name server to Cloudflare under his account.
After I saw that change I’ve changed immediately the DNS back to my local server and tried to fix the bug in the software.
To make the long story short, I’ve patched that software and after a few days I added that domain under my Cloudflare account to get benefit of the WAF among others.
When it start resolving to Cloudflare instead of getting the DNS settings that I’ve setup under my Coudflare account it used the hackers Cloudflare account/DNS settings and I had to revert back to my local DNS to solve this.

Is there a way somehow to contact Cloudflare and let them know that this domain belongs to me and should use the records under my account instead of the hackers?

Thanks in advance.

epic.network · August 11, 2023, 6:30pm

Welcome to the Cloudflare Community.

If you want to use the Cloudflare WAF you have to use the Cloudflare proxy. When using the Cloudflare proxy, public DNS requests will return Cloudflare proxy IPs.

You let Cloudflare know the domain is yours by setting the nameservers assigned in your account at your registrar.

stelios.a · August 13, 2023, 4:21pm

The same nameservers that were assigned to my account are also assigned to the hackers account and changing them at my registrar is having the same affect as I described in my initial post.

epic.network · August 13, 2023, 4:57pm

If you read the article I linked in my previous reply, you will know that is not possible. You may need to consider that your Cloudflare account has been compromised and take appropriate action.

system · August 16, 2023, 4:57pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.