Fresh added website now requires credentials to be accessed

When I want to open my website, I get redirected to /?__cpo=1 and then I’m prompted to insert some sort of user credentials(username + password) which I don’t know/don’t have.

Why is this happening? I’m new here, just added my website.

What is the site name?

Can you share a screenshot of that error?

I checked your account and don’t see a redirect rule added (which is typically the case in situations like what you described).

So I have mananged to fix it. All I had to do was to replace these 2 CNAME records from my DNS settings:
fir one had: the name and content:, proxied, TTL auto
second one had: the name www and content:, proxied, TTL auto
with a single A record, with the name and content being the IP of my VPS.

But I have another problem, for some reason, every once in a short while(approx 60 minutes) my A record gets deleted and overwritten back with the 2 CNAME records I mentioned above. Why is this happening?

Best regards!

Are you using Ezoic?

No, I don’t know what is that. My domains are bought from Namecheap if that’s what you were asking.

You can check under who made these changes.

If it says they were made by your account, I recommend you follow these steps:

Checked it. I indeed have 2 rec add, made from my account, where it basically adds back those 2 records. But I do not recognize this action and I highly doubt that my account was hacked. Isn’t there any other explanation for that?
I want to mention that these 2 records have been automatically generated since the moment I added my domain on cloudflare.

Be that as it may, it remains that some integration or entity with access to the account is performing unwanted actions and the steps in that article explain how to stop that happening.

In particular I would strongly recommend to reset the API key and check for unknown API tokens.

1 Like

This is literally my first account, with my first domains that I am still in the testing phase with them. I’ve set them up a few days ago. There is almost 0% chance of someone to have my keys and play tricks with me.
This seems like something that happens automatically. Are you sure it’s not something else?

Depends. Can you share more information on the audit logs you see?

For example

  • What user is listed as the user performing the unintended action? It should be an email address for dash/API or “Cloudflare” for Cloudflare’s automation.
  • Is the IP address making the unintended action the same one that you are making the intended action from? If the IP is or similar private range then this is Cloudflare’s automation.

Does this help?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.