My website TBITalk.com got hacked.. Cloudflare is my CDN, how do I fix it?

Your help is so much appreciated.I just noticed that my Cloudflare account was broken into and purged 3 times. I am not really sure what this means? Please help me. Thank you :slight_smile: God Bless and Merry Christmas and Happy Holidays!

Use a stronger password and 2FA:
https://support.cloudflare.com/hc/en-us/articles/200167866-How-do-I-set-up-two-factor-authentication-

If the only damage is purging your cache, it might not be an account break-in. Check the Audit Log at the top of your Cloudflare Dashboard.

I have a check to the audit log, all it shows is the cash has been deleted. Please go to TBItalk.com to see what happened.

Recommendations:

  • Set up 2FA on your account
  • Change the global API key
  • make sure the IP address in the DNS tab of your website is correct
  • Check with your website hosting provider to see if they can open an investigation regarding this incident.

The Audit Log will also show how the cache was deleted. Click on the little blue arrow to open up the metadata window. It may show it was an API call, or done through the UI. If it was done through the UI, it would show the IP address of the user who did it.

Hi @rradecki14,
I have noticed one thing in november there were many hacking issue related to wordpress sites arises even using Cloudflare. I have one site based on Krogerfeed which was using Shared Hosting Nameserver. Many times it goes crash so, I try to use Cloudflare and changed name server but after few days when I see my Wordpress Dashboard it says 755 Login Attempts. How? Even sometimes Cloudflare doesn’t provide complete security until and unless You are using premium package. (P.S. most of us are using Free Service)

Cloudflare does stop many bots if the security level is set to “high”, but many times these login attempts come from botnets which run on residential IP addresses that have no previous bad behavior.

I recommend for “free” WordPress users to add a page rule for *example.com/wp-login.php, setting the security level to “under attack” so that bots can’t attempt to log in without running a full chromium instance, something most of these don’t do.

If you’re serious about running a WordPress website for your business, you should get the pro plan which as 43 separate rules that combat these brute-force attacks as well as SQL injection and backdoor attempts.

2 Likes

This topic was automatically closed after 14 days. New replies are no longer allowed.