Early this morning our Cloudflare password was changed by one of us (admin), and about ten minutes later the website went down. After consulting with a friend, our DNS A has been removed.
Does anybody know how this could/would happen? Would it have to be done manually? Is there any way to find it, and add it back?
FTR I am simply one of the forum admins and was not there when it happened, and do not currently have access to things like server info, from people that do.
From what I can see in the audit log, the only people to access are the other two admin. Admin 1 did everything up until changing the password, logging out and logging in. The only thing I can see apart from me logging in later, is a ‘txt add’ relating to a DNS record for bluelight.org. Here is the audit log, I’ve tried to make it clearer and removed the account name.
Admin 3/me:
Jan 16, 2019
Login
Jan 16, 2019
Logout Our account login here
Account
Jan 16, 2019
Login Our account login here
Account
Jan 16, 2019
Deployed
Cloudflare
Jan 16, 2019
Ordered
Cloudflare
Admin 3? This has an IP but was done by domain “bluelight.org” rather than “account”. There is no record of the IP logging in:
Jan 16, 2019
TXT add Our account login here bluelight.org
Jan 16, 2019
Created
Cloudflare
Jan 16, 2019
Created
Cloudflare
Jan 16, 2019
Nameservers confirmed Our account login here
Jan 16, 2019
Crypto change setting Our account login here
Admin 1:
Jan 16, 2019
Login Our account login here
Account
Jan 16, 2019
Logout Our account login here
Account
Jan 16, 2019
Change lostpass Our account login here
Account
Jan 16, 2019
Logout Our account login here
Account
Jan 16, 2019
Zone reset check Our account login here
Account
I’m one of the other admin for the site and was likely the one to cause this. The Cloudflare account our site is under is inaccessible to us, and the person who controls it has been unavailable. In an attempt to gain control, I set up our own Cloudflare account (with the audit logs shown by my peer) and changed the nameservers to point to our account. However, in doing so, I did NOT have the DNS A settings in place yet and this likely is the issue.
I’ve switched our nameservers back to the Cloudflare account of our unavailable friend so we should be operational again, and we’ll get the DNS A settings corrected in our own Cloudflare account before attempting to switch again.
I write this for the benefit of those wondering what caused the problem, and for any tips or pointers on NOT making changes prior to having everything in place to function properly.
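A pre-cutover check for the situation described in this thread, added here as an example and not part of either post: it compares a BIND-style export of the zone currently being served with the zone in the new account and lists the records that would disappear after a nameserver switch. The zone contents, the example.org names and the function names are constructed for illustration, and each record is assumed to sit on one line with an explicit TTL and class.

```python
# Pre-cutover check: every record served by the current zone must exist in the
# new zone before the registrar's nameservers are changed.
# Both zone texts are constructed samples (example.org, documentation IPs).

CURRENT_ZONE = """\
example.org.      300 IN A     192.0.2.10
www.example.org.  300 IN CNAME example.org.
example.org.      300 IN MX    10 mail.example.org.
mail.example.org. 300 IN A     192.0.2.25
example.org.      300 IN TXT   "v=spf1 mx -all"
"""

NEW_ZONE = """\
; new account: only part of the zone has been recreated so far
example.org.      300 IN TXT   "v=spf1 mx -all"
mail.example.org. 3600 IN A    192.0.2.25
"""

# SOA and NS are expected to differ between two DNS accounts, so skip them.
IGNORED_TYPES = {"SOA", "NS"}

def parse_zone(text):
    """Return a set of (name, type, rdata); TTLs are ignored on purpose."""
    records = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";$":  # blank, comment, $ORIGIN/$TTL
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        rtype = rtype.upper()
        if rtype in IGNORED_TYPES:
            continue
        if rtype != "TXT":  # TXT data is case-sensitive, leave it untouched
            rdata = " ".join(rdata.lower().split())
        records.add((name.lower(), rtype, rdata))
    return records

def missing_records(current_text, new_text):
    """Records the current zone serves that the new zone lacks."""
    return sorted(parse_zone(current_text) - parse_zone(new_text))

def safe_to_switch(current_text, new_text):
    return not missing_records(current_text, new_text)

if __name__ == "__main__":
    for name, rtype, rdata in missing_records(CURRENT_ZONE, NEW_ZONE):
        print(f"MISSING in new zone: {name} {rtype} {rdata}")
    print("safe to switch nameservers:", safe_to_switch(CURRENT_ZONE, NEW_ZONE))
```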