Please Delete this Cloudflare Post

This post was flagged by the community and is temporarily hidden.

It’s Sunday; I doubt you will get any help until tomorrow. Was your account hacked or the hosting?

1 Like

What plan are you on with Cloudflare, @user2012?

2 Likes

That would be the Business plan then. Tickets are mainly prioritised based on plan type. Business does also have access to Live Chat through the dashboard which can help with issues faster. How long ago did you open the ticket?

Taking a step back, do you have access to the Cloudflare account or not? If not, what specifically is the issue with accessing it?

Probably not, but if they email support AT cloudflare DOT com from the email address they used to access their account, you should get a reply. Make sure to reply to the bot to let them know if it is still an issue that needs to be addressed.

That does put you in an awkward situation then. So the email on your Cloudflare account is on a domain that’s in that account? And you don’t have a backup account with access on a different email for this?

What is the reason you can’t log in? Has the attacker changed the password, or do you not have 2FA enabled so you need a code via email that you can’t access?

I’m assuming that you haven’t had any replies to the ticket because you can’t access the email for the account you sent it from. Is that right?

3 Likes

Right, that is very awkward then.

I’m guessing that ticket will have been closed given that they will only talk to the registered email on file.

Since this includes the registrar and your emails, I would imagine that’s how they got into Cloudflare.

I have escalated this, but it probably won’t be seen until Monday and there’s not much more the community can do. I would imagine that you will have to regain control at the Registrar first, then get your emails working and then regain access to Cloudflare. I’m not sure if there’s another way here.

1 Like

I think the best course of action to regain control of the Cloudflare account is this:

  • Regain access to the domain at the Registrar
  • Change the nameservers temporarily to point to your host’s
  • Get emails working and reset the password on your Cloudflare account
  • Set up the Cloudflare account how it was before
  • Point the nameservers back to Cloudflare
  • Enable 2FA on the account and ideally use an email not tied to a domain in the account

5 Likes

Some websites have an option where they pay a random amount between $0 and $2 to a bank account, and then the person has to report exactly how much was deposited.
This verification procedure could determine if the reporter is the legitimate owner of the account; however, it might take a couple of days to process the request, and I’m not sure if this is a protocol that exists on CF or not.

I’m going to be a bit pessimistic and assume that this is going to take a while.

This might sound harsh, but this kind of hack occurs primarily on setups that are poorly crafted.
You can have access to any of your accounts exposed. However, compromises to the level of being completely locked out are extremely rare now that 2FA and MFA are an industry standard.
Cloudflare, in particular, has a rather strict setup where 2FA codes expire once every 24 hours so that even if your cookies/tokens were stolen, the hacker would only have access for a limited amount of time (assuming that your device isn’t compromised, at which point you might consider getting an EDR or traditional AV).

This is the main reason why I’m using my Gmail account instead of the business one, good advice!

4 Likes

A very kind member of the support team has seen my escalation here and has escalated your ticket. I’m not sure what the outcome of that will be, but I would still recommend following the advice from the posts above.

6 Likes

So if you had registered your domain with Cloudflare would that have made things much worse? I haven’t seen how Cloudflare Registrar works but I assume it uses the same Cloudflare username and password.

Not necessarily. The attackers already took over the registrar. That’s the most valuable asset. If you control the registrar, then you control where you point your DNS.

On the other hand, my Cloudflare account is locked down with U2F (a hardware 2FA key). Not all registrars offer that, though it looks like GoDaddy does.

1 Like

Exactly, lock down email accounts with 2FA/MFA, and I lock down my Cloudflare account with a security key as well: https://blog.centminmod.com/2021/06/30/2401/how-to-setup-yubikey-5-nfc-security-key-for-cloudflare-account-logins/

1 Like