Hacker added my site to Cloudflare without permission

Someone added my website to Cloudflare without permission and has taken down my webpages. They’ve diverted the nameservers from mine to their Cloudflare accounts. Please help me. Customers can’t access my site and I’m not getting emails from the website’s account.

I’ve never had a Cloudflare account before. I only opened this one to get help.

I am sorry to hear this.

However, this indicateds someone has had an access to your domain registrar and modified domain nameservers on your behalf.

Is Cloudflare your domain registrar or someone else? :thinking:

Have you tried reaching out to your domain registrar about this case?

What is your domain name?

What error do you get?

Furthermore, anyone can add any domain (I think) to their Cloudflare account, except if the domain owner doesn’t point it’s domain nameservers to the ones provided or given by some Cloudflare account, it’s not active at all and will be removed soon from their CF account.
Otherwise, if domain nameservers are changed and pointed to the ones, then your domain would use Cloudflare services.

3 Likes

My domain registrar is someone else. I checked over there and the nameservers haven’t changed. My domain name is zuniblue . com

I added spaces because the link wasn’t allowed.

Thanks for your help!

Kindly, reach out to your domain registrar in this case.
It’s the 1API as far as I can see → [email protected].
Reset your password and enable 2FA for your account there.

Except as it might be some other domain reseller, see below:

Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +49.68949396x850
Reseller: My Secure Cloud Host mysecurecloudhost.com
Domain Name: ZUNIBLUE.COM
Registry Domain ID: 1793956483_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.1api.net
Registrar URL: http://www.1api.net
Updated Date: 2022-09-05T20:13:51Z

Kindly, double-check if you’ve looked at NS type of DNS records or rather domain nameservers.
They were changed 2 days ago by the WHOIS.

Name Server: ariadne.ns.cloudflare.com
Name Server: terin.ns.cloudflare.com
DNSSEC: unsigned
;QUESTION
zuniblue.com. IN NS
;ANSWER
zuniblue.com. 21557 IN NS ariadne.ns.cloudflare.com.
zuniblue.com. 21557 IN NS terin.ns.cloudflare.com.

Furthermore, Cloudflare isn’t being involved into this as far as your domain is not registered by the Cloudflare Registrar, therefore cannot manage, edit nor help in this case as much as you’d want to.

7 Likes

My domain registrar is Stablepoint.

You should talk to them. If there is a domain transfer occurring, you need to stop it ASAP because you are risking losing the domain permanently.

Establish contact with Stablepoint; Cloudflare has no real way of helping you if the registrar is compromised.

5 Likes

Thank you for helping me!

2 Likes

https://securitytrails.com/domain/zuniblue.com/history/ns

Something is going on, they appear to be propagating.

Do what @fritex & @jnperamo suggested. Sorry for that trouble, it stinks.

Sorry, I don’t know what propagating means. That whatsmydnys website shows before the change, but all the others I’ve checked showed my nameservers are back.

I contacted the domain host and they said the namesevers had changed, but I couldn’t see the change yet on their website. They pushed the update through on their website and only then could I see the nameservers had mysteriously changed. I changed them back and my webpages were back online.

It also turns out that my registrar is linked to the other two businesses on the WHOIS posted above. They are investigating the changes made.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.