Error (504) + Sending many random emails - HACKED?


-This is the error I got today when I logged in to my Cloudflare:
POST /api/v4/accounts/30b8a5c002952232323c780b94183e9f/intel/attack-surface-report/start (504)
Do you know what is happening and how to solve it?

-Also, I got an email that another IP address logged in to my account:
IP address: 2605:6400:8ea6:7bdc:59c7:1957:7bab:da5f

-Another issue is, that when I enter cPanel, I have my inbox as full, since someone else sent a lot of spammy emails:

I don’t know if they modified something in my DNS system, or how they did it, but I believe it is related to all of this error, from the beginning.

These last weeks I noticed that my accounts have been hacked: Instagram, Facebook, Gmail, Yahoo, my website, so I believe this error message can be related to that as well. Now I changed my password and enabled 2FA.

Could you please help me solve these issues?

Thank you in advance and waiting for your reply.

Best wishes,
Thomas Kallos

You can check your Account’s Audit Log for any activities that you do not recognize as having done yourself, and delete/reset them.

Also, besides changing password and enabling 2FA, you should also close all dashboard sessions other than your current one.

EDIT: It’s also important to change the password and enable 2FA for the email account that you use with your Cloudflare account. If that email is compromised, no matter how hard you protect your CF account, it will still be vulnerable.



Thank you for your reply.

I checked the Audit Log, but there is no unrecognized change other than what the “Cloudflare” user did. I believe Cloudflare occasionally refreshes and updates some TXT DNS files.

I was the only one in my sessions dashboard page, so there was no button to close all sessions. Just a link to “learn more” at the top.

My email account is also with 2FA, so that’s not compromised.

Note: When I ran the “Security Scan”, it found that I don’t have Multi-Factor Authentication for users (MFA). So besides the 2-Factor Authentication, I also put a security PIN. Plus, I Enabled “Member 2FA enforcement” at: Manage Accounts/Members

Let’s hope this will solve it, and let’s hope others can learn from my mistakes.

Thank you again for your help.

Best wishes,
Thomas Kallos

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.