Domain Takeover Issue

We are experiencing an issue where someone has reset our register-com account and moved DNS over to a Cloudflare account. We don't have a Cloudflare account.

We are unable to access the domain because when they moved it they cut off email. We can't reset our passwords or accounts because of this.

How can I get Cloudflare to help? We really want to know who did this!

Let me see if I follow:

  1. Somebody stole your domain.
  2. They changed the domain registrar account password.
  3. They changed the DNS to Cloudflare.
  4. They have full control over the domain.

Because your emails are name AT domain dot com and they changed the DNS, it’s impossible for you to reset the password or DNS settings from your registrar?

Correct…

Luckily, we were able to get the registrar to move the name servers back to the original.

I was just very surprised at how Cloudflare didn’t care. I called the sales “under attack” number and contacted support and they basically said post here, we can't help you.

I’m not sure what you were expecting CF to do, since the core of the issue was at the registrar. If you can’t control the nameservers then the attacker can do as they please.

The emergency phone line did what's right and followed the correct protocol imho.

Just for future reference: this kind of attack is rather common; you should avoid having cycled dependencies between domains and domain aliases.

It is normal to either have a placeholder domain to control the main domain or just use any gmail/outlook/w.e account instead.
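
The circular dependency described in the last reply can be checked for across a domain inventory. The script below is an added example, not part of any post in this thread; the inventory, the alias mapping and all function names are constructed for illustration, and it assumes you can list each domain's registrar contact address yourself.

```python
# Added example: finds domains whose registrar recovery mailbox depends,
# directly or through aliases, on the same domain's own DNS.
# All names and data below are constructed for illustration.

REGISTRAR_CONTACTS = {  # domain -> contact email on its registrar account
    "example.com": "admin@example.com",       # mailbox lives on the domain itself
    "example.net": "it@mail-alias.example",   # mailbox on an alias of example.net
    "example.org": "domain-admin@gmail.com",  # external mailbox, no loop
}
ALIASES = {"mail-alias.example": "example.net"}  # alias domain -> primary domain


def email_domain(address):
    return address.rsplit("@", 1)[1].strip().lower().rstrip(".")


def build_graph(contacts, aliases):
    """Edge A -> B: recovering A's registrar account needs working DNS on B."""
    graph = {d.lower(): set() for d in contacts}
    for domain, contact in contacts.items():
        graph[domain.lower()].add(email_domain(contact))
    for alias, primary in aliases.items():
        graph.setdefault(alias.lower(), set()).add(primary.lower())
    return graph


def lockout_cycles(graph):
    """Return {domain: path} for each domain whose recovery path loops back."""
    findings = {}
    for start in graph:
        stack, seen = [(start, [start])], set()
        while stack:
            node, path = stack.pop()
            for nxt in sorted(graph.get(node, ())):
                if nxt == start:
                    findings[start] = path + [start]
                    stack.clear()  # one loop per domain is enough to report
                    break
                # Domains outside the inventory (e.g. gmail.com) end the chain.
                if nxt in graph and nxt not in seen:
                    seen.add(nxt)
                    stack.append((nxt, path + [nxt]))
    return findings


if __name__ == "__main__":
    for domain, path in lockout_cycles(build_graph(REGISTRAR_CONTACTS, ALIASES)).items():
        print(f"{domain}: recovery loop {' -> '.join(path)}")
```
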
