My domains got hijacked from Bluehost to Cloudflaire

Last month evidently my domains got hijacked. I’ve been hosting on Bluehost for years. But in December, somehow the NS entries on several of my domains got routed to Cloudflare. And now I cannot change them back!

I had to start a Cloudflare account to get to manage my own Bluehost domains. I registered one of my domains on Cloudflare to get control. I am trying to set my A record to Bluehost now, but I keep getting this error: DNS Validation Error (Code: 1004): Content for A record is invalid. Must be a valid IPv4 address (Code: 9005)

I know the IPv4 address is good for Bluehost:

I can find NO support from Cloudflare. Bluehost says I must get Cloudflare to release my stuff, but no one at Cloudflare seems to be available to help. If I was ever going to consider Cloudflare for hosting services, this experience has soured me on that idea. Now I just want to get my NS records off Cloudflare. Anyone?

Why not? You go to your registrar and switch the nameservers to your host’s (presumably Bluehost’s). Shouldnt that be it?

I wish that was it.
I am told I must redirect from Cloudflare to Bluehost. The Bluehost NS address is the IPv4 address I listed above. But when I try to create an A record on Cloudflare with that address I get: DNS Validation Error (Code: 1004): Content for A record is invalid. Must be a valid IPv4 address (Code: 9005)

By whom? All you need to do is go to your registrar and switch to Bluehost’s nameservers. Why cant you do that? Whats the domain?


I don’t get why you can’t point your nameservers back to wherever you want, but the error you referred is sometimes caused by a space or other character in the IP you typed, check that there isn’t a space at the start or end or another invalid character somewhere…

@sandro and @domjh, typically when these hijackings occur and the original registrar is unable to assist, it means that the domain has been completely transferred from one registrar to another. If that is the case, max.goff won’t be able to change the nameservers because the domains will no longer appear in his Bluehost account.

max.goff, if the domains are still in your Bluehost account, you should still have control over them. Change your password and add 2FA, if possible. You should then be able to use the Bluehost control panel to change the nameservers.

If they’re no longer in your account, you’ll need to contact Cloudflare directly–the forums won’t be sufficient.

That would mean the domain is lost altogether. DNS servers are the least concern in such a situation.

Nothing has indicated that yet though, so we can assume the domain is still under the OP’s control and in that case he should simply switch the nameservers or clarify elsewise why that is not possible.

1 Like

@Zenexer, if the domains had been completely removed from their registrar and the OP could not change the nameservers, it would be unlikely that they could add the domain to Cloudflare either as the nameservers are not the same for two Cloudflare accounts (normally). So if the ‘hijacker’ added it to their account, as it appears to be, then the OP would not be able to point the domain to their own CF account, as they appear to have done.

@domjh I’m skeptical that the domain is actually in @max.goff’s Cloudflare account. It may have been added, but I doubt it was verified. He said that the nameservers changed before he even had a Cloudflare account–that doesn’t add up. This sounds like the domains were stolen.

@max.goff, what is the domain name? Additionally, if you look in your Cloudflare account, it should give you two nameservers ending in “”–what are those two nameservers?