Inability to access account, Customer Service not helpful

We made the mistake of not turning off a Cloudflare account connected to two domain we once controlled but let lapse, as the organization name was changed.

And now the old domains got snapped up by squatters and they KEPT our old nameserver values, so that we have two rogue domains erroneously asserting a connection to our trademarked company name.

Since we don’t have access to the old domain, nor have the old login information, we are of course locked out of the Cloudflare account due to 2FA, and CF customer service is not helpful in getting this matter resolved.

I’ve explained I can no longer access my CF accounts/signup/super admin email address, nor can I receive or send emails from this email address to verify myself.

The customer service agent replies repeatedly with the same lines that we need to be making our request from the domain we no longer control. This is an impossible task.

All I want is for this old CF account, which I set up but can no longer access, to be removed, so that the link is broken between these erroneous domains and our living, trademarked domain. But CF customer support does not seem to want to look deeply into this to see that, yes, I am the person who registered the original account and should be given access to that account so I can delete it, or CF can simply delete it. Instead, I keep getting the same copy-paste customer service emails. I feel completely ignored.

Does anyone have any insight? I surely can’t have been the first person to be caught in this sort of Catch-22.

Sorry I have read this 3 times and I still don’t understand. You want to sever a link… what link?

You don’t own the domain. You don’t own the account used to manage the domain.

In what way are they asserting a connection to your company name?

1 Like

We used to own the domain. We let it lapse due to company name change. Forgot we had Cloudflare in place, so did not think to turn it off. Lost password for login.

Then squatters who snapped up the domain KEPT the old nameservers on the dns settings, meaning the old domain now forwards to a cached version of the new company website, creating a misleading connection between old and new company names.

To compound the problem, the squatters are hidden behind domain name masking so can only contact the registrars and they also won’t take down the nameserver listings bc we cannot send email from the domain which we no longer own.

Have you tried configuring your origin server not to respond to requests for those domain names or better yet to return a completely different website which makes it very clear there is no association with your company?

You don’t control the domain. You don’t control the Cloudflare account. Control what you can control.

In order to have gained control of the Cloudflare account the new domain owners would have needed to know the email address used to register the domain and set up an email account to manage a password reset. Odds seem really low they actually did that and the domain just continues to be served by your origin servers.


Maybe I was not clear.

The new domain owners do not control the Cloudflare account as far as I know. All they did is keep the same nameserver values in place when they took over the domain. Since we cannot get onto the domain, and cannot get onto the old Cloudflare account (email is linked to the old domain), we cannot turn off the Cloudflare relay function and they refuse to do that for us or to give us a way to recover or get back into our account.

Seriously, we are not the only people in the history of the internet who have lost access to a account and cannot do password reset because they no longer have control of the related domain. CF should have a more robust account recovery system we can engage with. Happy to prove I am who I say I am, but they don’t even try, just cutting and pasting standard replies. I get it. Gotta follow security protocols. But spend 5 minutes looking into this case and you will see that this could be fixed with just a little bit of human intervention and attention. Which is so hard to come by these days.

If you want the domain to stop displaying your website content, I’ve provided the steps which will solve the problem.

Perhaps it helps to simplify the problem….

Some company is pointing a domain they don’t own to your origin IP address and your server is responding and displaying your corporate content.

In this scenario neither Cloudflare is involved, nor is the domain one you ever owned.

How do you stop the behavior?


The domain is not displaying our website content but our old content cached on Cloudflare.

The domain is pointing to old Cloudflare nameservers, not to our current site.

The entire problem could be solved if Cloudflare wiped that cache on their servers or just broke the connection.

This is a Cloudflare-based problem and one they could easily help us solve. If I could get into the old account, I could fix it in about 30 seconds.

They should have some fail-safe solutions for users to regain access to an account for which they have lost the credentials. There are all sorts of 2-factor auth systems that could be put in place.

Cloudflare’s actually seriously bad at caching content. So probably not. Have you taken time to actually look at the headers for requests to see if the pages themselves are being pulled from cache… because by default html is not a content type Cloudflare caches and when it does it tends to expire pretty quickly.

The fact they are using Cloudflare nameservers or Cloudflare has nothing to do with the content that is being returned. You are unnecessarily complicating it. While I understand you /want/ Cloudflare to do a thing, it is very likely that you have fully within your control the ability to resolve this.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.