Error 1000 DNS record hacked?

Hi, noticed an email that my site was down. Tried accessing site and got the attached.

Changed A record setting in DNS to point to shared IP for my Bluehost account and now all seems ok.

Question why would this record have been changed - this site has been working on Cloudflare for probably more than 12 months and I haven’t touched the settings for it until trying to fix this issue. I note there was a huge spike in traffic yesterday.


If you think a setting was changed on your account, consult the audit logs to understand who changed it and when:

1 Like

Hi, thanks for that.
Looking in the log the activity yesterday was by the user Cloudflare for “Certificate pack deployed”. Presumably this is what changed the record although I see no mention of any IPs in the log. Is this to do with a new SSL certificate?

It looks like your hosting provider Bluehost had a custom hostname configured for your domain - that’s why you see the certificate change when they removed that hostname.

It would be best to contact Bluehost to understand what features you had configured on their side that involved a custom hostname configuration for your domain on Cloudflare. That change likely is what caused your domain to revert to using the DNS record you had defined - previously it would have been resolved using Bluehost’s configuration via the custom hostname.

1 Like

Ok, thanks.