Possible DNS forwarding issue

I had a domain with MX records but no CNAME or A for the past couple years that I used just for email.

Within the past few weeks, someone appears to have forwarded http port 80 traffic to their server. About 24 hours ago, I became aware of this and enabled A and CNAME records and DNSSEC, transferring nameserver from Netlify to Cloudflare. However, I’m still seeing the HTTP traffic is to their server. My MX email has worked send/receive email throughout.

Affected domain: scivision.co should point to scivision.netlify.app
this is unwantedly forwarding HTTP to askelson.net with a “hacked” message.

I set Cloudflare nameserver up about 24 hours ago with DNSSEC enabled (checks “SECURE” via DNSviz).
Before that, I was using Netlify nameserver without DNS

A scivision.co 
AAAA scivision.co 2600:1f18:2489:8200::c8
AAAA scivision.co 2600:1f18:2489:8202::c8
CNAME www scivision.netlify.app 
MX scivision.co alt1.aspmx.l.google.com
MX scivision.co alt2.aspmx.l.google.com
MX scivision.co alt3.aspmx.l.google.com
MX scivision.co alt4.aspmx.l.google.com
MX scivision.co aspmx.l.google.com

You should make sure that you secure your Netlify account, that your domain is actually connected to your account and that your sites configuration is correct.

It looks like someone got access to that account, as the “Hacked by” message comes directly from their servers.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.