For some strange reason, my domain (sevfurneaux.com) is redirecting to a torrent based site.
The name servers for the domain are both
ARCH.NS.Cloudflare.COM
DORTHY.NS.Cloudflare.COM
So unsure what is happening and why?
Someone likely compromised your server / webspace and added a page with links and an eventual redirect. You need to check that on your server.
Thanks – I’ve checked just now and the page isn’t compromised on the server.
Maybe it relates to this?
Thanks for your detail.
I just removed Cloudflare’s DNS (arch.ns.Cloudflare.com and dorthy.ns.Cloudflare.com) from my domain at the registrar and this now shows the correct site:
This is really strange.
Did you have any “apps” installed on your CF domain?
Hi,
No apps at all!
Hi @sevfurneaux, when the redirect was happening your name servers were pointing to arch and dorthy, but was your domain in your Cloudflare account at that time?
That post was a result of a domain owner not renewing their domain.
Aside from what everyone has already recommended, it’s a good idea to change your passwords for everything and enable 2FA for everything. Then begin diagnosing where things went south.
Well, it does come from your server (or where you pointed Cloudflare to).
Not sure what “this” is, but if it was a nameserver issue it could be your domain points to the wrong nameservers and that would give someone else certainly the opportunity to “hijack” your domain, but that is under your control. Right now your nameservers do not point to Cloudflare at all.
That’s exactly what I was referring to.
The name server history for sevfurneaux.com shows a lot of changes, you may want to look at that to see if it jibes with changes you’ve made, https://securitytrails.com/domain/sevfurneaux.com/history/ns.
Beyond that, what you experienced sounds like malicious characters scanning Cloudflare nameservers for zones that do not exist on our platform, but are pointed at our nameservers.
They will then add the zone to their account and we will resolve the DNS for them, so they can then direct traffic wherever they like.
The best practice is to not point at Cloudflare nameservers if you are not actively using our platform. And, first add the zone to your Cloudflare account and then change the name servers. Because they are pointed at the correct nameservers, that zone will take priority.
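The best practice in the post above can be checked across a list of domains. The following is an added example, not part of the original thread and not Cloudflare tooling: it assumes you can export the NS records set at your registrar and the zones (with their assigned nameservers) in your DNS provider account, and every domain and the `placeholder*` nameserver names in the sample data are constructed.

```python
PROVIDER_SUFFIX = ".ns.cloudflare.com"  # nameserver suffix seen in the thread


def norm(host):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return host.strip().rstrip(".").lower()


def audit_delegations(registrar_ns, account_zones):
    """Classify each domain's delegation.

    registrar_ns:  {domain: [NS names set at the registrar]}            (assumed export)
    account_zones: {domain: [NS names the provider assigned your zone]} (assumed export)
    """
    zones = {norm(d): {norm(n) for n in ns} for d, ns in account_zones.items()}
    findings = {}
    for domain, ns_list in registrar_ns.items():
        name = norm(domain)
        delegated = {norm(n) for n in ns_list}
        at_provider = {n for n in delegated if n.endswith(PROVIDER_SUFFIX)}
        if not at_provider:
            findings[name] = "not-at-provider"
        elif name not in zones:
            # Delegated to the provider with no zone in our account: whoever
            # adds the zone to their own account gets to answer for it.
            findings[name] = "dangling"
        elif at_provider != zones[name]:
            # Zone exists, but the registrar points at a different nameserver
            # pair than the one assigned to our zone.
            findings[name] = "mismatch"
        else:
            findings[name] = "ok"
    return findings


# Constructed inventory; only the arch/dorthy names come from the thread.
REGISTRAR_NS = {
    "example.com": ["ARCH.NS.Cloudflare.COM.", "DORTHY.NS.Cloudflare.COM."],
    "example.net": ["arch.ns.cloudflare.com", "dorthy.ns.cloudflare.com"],
    "example.org": ["arch.ns.cloudflare.com", "dorthy.ns.cloudflare.com"],
    "example.edu": ["ns1.other-dns.example", "ns2.other-dns.example"],
}
ACCOUNT_ZONES = {
    "example.com": ["arch.ns.cloudflare.com", "dorthy.ns.cloudflare.com"],
    "example.org": ["placeholder1.ns.cloudflare.com", "placeholder2.ns.cloudflare.com"],
}

if __name__ == "__main__":
    for domain, status in sorted(audit_delegations(REGISTRAR_NS, ACCOUNT_ZONES).items()):
        print(f"{domain:15} {status}")
```

Domains reported as `dangling` or `mismatch` should either be added to the account first or have their registrar NS records moved off the provider.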