Our cloudflare DNS settings were changed...not by me or anyone in my company. Via API to ezoic.net (?)

We do not have an account with ezoic[dot]net or ezoic[dot]com. I’m not even sure what ezoic is.
Our Cloudflare DNS settings were changed 3 days ago. We changed our Cloudflare pword and I changed the DNS settings back to their proper settings as best I could yesterday and today they were changed again…back to the ezoic[dot]net records. The audit log shows they were changed via the API. We do not even have any API tokens generated.

These DNS changes are affecting our webmail and our API’s.

How is this happening? And can it be stopped?

1 Like

I would check what members have access to your account, which you can do here. If there is anyone there, you don’t recognize then remove them.

1 Like

Thanks for helping.
There are only two people with access to the account, myself and one other, whom I recognize. Neither of us made the DNS changes pointing several of our CNAME records to ezoic[dot]net. We were both confused as to how and who may have done it. We changed our Cloudflare password and changed the DNS settings back, then the records got mysteriously changed again two days later.
I changed the records back again.
A weird thing is according to the audit log the changes were made via “API” and we have no API tokens set up for our account. (When I make changes to the DNS settings my changes show up in the audit logs as “UI”.)

Have you reset your Global API Key?

I had not reset our Global API Key.
I just did. Hopefully that does the trick. Thanks for the suggestion, I appreciate it.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.