I believe my CloudFlare account has been compromised

Hello…

I purchased an Addon plugin to enhance my upcoming community. The plugin experienced errors, so I reached out to the plugin author. I am not sure what country he resides in but anyway I gave him temporary access to my Dashboard to troubleshoot the problem.

That was about 5-6 hours ago. I log into CloudFlare daily to clear cache since I am constantly making changes to my website.

When I tried to login into CloudFlare like usual I got an error " You’re attempting to log into Cloudflare from an unrecognized IP Address. “Please enter the Authentication Token that was sent to the email associated with this account”.

This error concerned me especially since I had given the plugin author admin privileges to my website. I immediately deleted the entire account and sent the plugin author a email asking if he tried to login to my CloudFlare account. I haven’t heard back from the plugin author and it’s been over an hour.

Anyway can you tell if someone tried to access my Cloudflare account with my credentials?

Also, can you give instructions on how to change my password?

Thanks,

Naomi

Hi @naomibuch,

This is a relatively standard message if you try to login to your account from an IP address that you have not logged in from before. This can be if your IP address has changed, you are using a different device etc.

You deleted your Cloudflare account? How did you do this?

You would probably have got one of those ‘unrecognised IP’ emails is they had. What you can do is to check the audit logs on your account which will show any logins that occurred.

You can do this under ‘profile’ > ‘authentication’ in your Cloudflare dashboard.

You could also enable 2 factor authentication on your account to increase security.

Generally, it is not recommended to give your account details to anyone. What you can to if you absolutely have to (and I wouldn’t really recommend this either), is give access to another Cloudflare account and then revoke that access once they have done whatever they need to do.

Hello…That’s my point, I’ve been home all day, and I haven’t logged into CloudFlare from a different device or IP location, that’s why I was concerned that my CloudFlare account was compromised and it’s just a coincidence that I gave my Dashboard admin credentials to the plugin author and I have a caching plugin (WP Super Cache) CDN pointing to CloudFlare.

My email address is on my settings of my website and he probably hacked my password, thank god for CloudFlare extra security measures by blocking the account by IP.

I thought you said you received that email when you tried to login?


I am confused, now! If you have him the credentials, how did they ‘hack’ your password, didn’t you give them permission to login?

Or, did you give them the details to login to your website dashboard, but not to Cloudflare?


Anyway, you probably want to change your password to be on the safe side and consider enabling 2FA. As I said before, you can check the audit logs for logins.

Hi…I didn’t give him credentials to my Cloudflare account…I gave him access to my WordPress Admin account to look at the settings of the plugin. And if he is smart enough he can figure out my username to my Cloudflare account and hack my password, I am sorry I trusted him…lesson learned…

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.