Hijacked site

A site I am building was partially hijacked. I still have enough access to change its password, changed the connection to full, and made some other minor adjustments. This at least put the rogue site in a state of confusion.

When running a ‘telnet’ trace on the site it comes back with this message: "Connecting To 22toes.com…Could not open connection to the host, on port 23: Connect failed."

When trying to sign into the site the error code now is 521.

The site is hosted at Namecheap. With their help the site is running locally. However, trying to connect online brings up the above errors.

While I’ve nominally been using Cloudflare for about 5 years, I am not very conversant with the nuances involved.

Any help or suggestions are appreciated.

If you can do those actions, you can do more. Change your password and reset the api key.

Also search 521 error & tip on this site to find suggestions and community tip on addressing the 521 if needed. Please post back and give us an update as you may need to contact trust & safety and alert them.

That domain does not go through Cloudflare at all. Also, Telnet wouldn't work anyhow.

Thank you cloonan for the information. The PW was the first thing changed and the api key should be reset. The 521 error and tip page did not seem to apply. I need to look further into other comments about this issue.

I am puzzled by your comment that the domain does not go through Cloudflare. When I look at my account it shows a green check by the domain name, which I, perhaps mistakenly, believe means it is active here.

The green check is not related to Cloudflare. Your certificate was actually issued by Sectigo.

$ dig @h.gtld-servers.net 22toes.com NS

; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49260
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;22toes.com.			IN	NS

;; AUTHORITY SECTION:
22toes.com.		172800	IN	NS	pdns1.registrar-servers.com.
22toes.com.		172800	IN	NS	pdns2.registrar-servers.com.

;; ADDITIONAL SECTION:
pdns1.registrar-servers.com. 172800 IN	A	216.87.153.33
pdns2.registrar-servers.com. 172800 IN	A	216.87.154.33

;; Query time: 91 msec
;; SERVER: 2001:502:8cc::30#53(2001:502:8cc::30)
;; WHEN: Wed Jun 12 06:03:01 UTC 2019
;; MSG SIZE  rcvd: 129

If I am understanding correctly the site is not being hosted on Cloudflare but the Sectigo certificate remains? What the plan was is to take the site back to Namecheap and then do a proper transition back to Cloudflare. Now that the process for moving a site to Cloudflare is a whole lot clearer (which means I read the manual about the correct process) my goal is to get everything cleaned up properly before trying again.

Cloudflare generally does not host, but there are three primary functions:

  1. The most basic one is DNS services. This is mandatory for every domain on Cloudflare (except for Business and Enterprise plans where it can be optional).
  2. The proxy platform, which tunnels all traffic through Cloudflare’s distributed infrastructure to your (origin) server. This is optional, but commonly used and typically the selling factor.
  3. The registrar service, where you can transfer your domain to Cloudflare. A nice to have but very much still in its infancy.

Whatever needs cleaning up is something you will need to clarify either with the person who is responsible for your site (that might be you) or - depending on which agreement you have - with your host. Cloudflare is not involved at this step. Once the domain (and any possible content) issue has been sorted you can certainly add your domain to Cloudflare and change the nameservers.
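The delegation check done with `dig` earlier in the thread can be scripted, for example to confirm the result after changing the nameservers. This is an added example, not code from any poster in the thread; it assumes Cloudflare-assigned nameservers are named `<name>.ns.cloudflare.com`, and the function names and the second sample (for `example.com`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a domain's delegation from `dig <domain> NS` output.
# Assumption: Cloudflare-assigned nameservers end in ".ns.cloudflare.com".
# Live use, with the query shown in the thread:
#   dig @h.gtld-servers.net 22toes.com NS | classify_delegation

# Reads dig output on stdin and prints one of: cloudflare, other, mixed, none.
classify_delegation() {
  awk '
    # Only NS records inside the ANSWER or AUTHORITY section count.
    /^;; (ANSWER|AUTHORITY) SECTION:/ { in_sec = 1; next }
    /^;;/ || /^[ \t]*$/               { in_sec = 0; next }
    in_sec && $4 == "NS" {
      host = tolower($5); sub(/\.$/, "", host)   # normalise the NS target
      if (host ~ /\.ns\.cloudflare\.com$/) cf++; else other++
    }
    END {
      if (cf && !other)     print "cloudflare"
      else if (cf && other) print "mixed"   # partial nameserver change
      else if (other)       print "other"
      else                  print "none"    # no NS records in the output
    }
  '
}

# AUTHORITY section copied from the dig output posted in the thread.
thread_sample() {
  cat <<'EOF'
;; QUESTION SECTION:
;22toes.com.			IN	NS

;; AUTHORITY SECTION:
22toes.com.		172800	IN	NS	pdns1.registrar-servers.com.
22toes.com.		172800	IN	NS	pdns2.registrar-servers.com.

;; ADDITIONAL SECTION:
pdns1.registrar-servers.com. 172800 IN	A	216.87.153.33
EOF
}

# Constructed sample: what a Cloudflare-delegated domain would look like.
cloudflare_sample() {
  cat <<'EOF'
;; AUTHORITY SECTION:
example.com.		172800	IN	NS	ada.ns.cloudflare.com.
example.com.		172800	IN	NS	bob.ns.cloudflare.com.
EOF
}

echo "thread sample:      $(thread_sample | classify_delegation)"
echo "constructed sample: $(cloudflare_sample | classify_delegation)"
```

A result of `mixed` means the registrar lists both Cloudflare and non-Cloudflare nameservers, so some resolvers will still get answers from the old DNS provider.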