My Zero Trust Tunnel Applications Show A Malicious Captcha After Account Compromise

aiden.duval · March 12, 2025, 4:34am

Related to

Cloudflare Tunnel

What is the issue you’re encountering

All of my tunnel applications show the malicious captcha shown in screenshot.

What steps have you taken to resolve the issue?

I have changed password. Enabled 2FA. I noticed in the logs that an API key was made when someone logged in but do not see any api keys when I check on my profile. I have tried purging the cache of everything. New tunnels I create still have this issue. All my DNS settings seem correct.

What are the steps to reproduce the issue?

Going to any of my tunneled applications

Screenshot of the error

y.vdbroek · March 13, 2025, 9:32pm

I got the same issue, tried refreshing my api tokens and the tunnels but nothing is helping atm.
If i connect to the server’s locally i dont get it its only when i use the cloudflared tunnel

aiden.duval · March 13, 2025, 9:59pm

Do you have a worker in your account? I was starting to think that was how the captcha was being served. Also I would change your global api.

y.vdbroek · March 13, 2025, 10:54pm

I did change my global api, don’t know if i have a worker ill have alook but dont think so.

Topic		Replies	Views
Removing Cloudflare captcha Getting Started	5	11306	August 20, 2020
There was an issue communicating with the captcha provider General	3	3185	April 13, 2020
ReCaptcha popping up on a handful of websites! HELP! General	3	4183	July 16, 2018
Cloudflare captcha challenge Security	7	3043	October 30, 2020
Don't know where else to get answers, cloudflare captcha on every website i enter General captcha	6	10788	November 2, 2018