Rogue Records Vulnerability

Working through a slight interest. I recently left one wholesale registrar for another. I set up a template NS setting for Cloudflare, which has changed a time or two since I’ve begun fully using Cloudflare. I have transferred all domains to the new registrar and the NS is generically one that Cloudflare has assigned in the past. I did not complete the setup of the domain in Cloudflare.

When I do return or test the domain later, I end up on a hijacked site, pornographic material, etc. I have not created the Cloudflare site yet, but it shows Cloudflare IP addresses and nameservers in the Cloudflare camp, but not those assigned at the registrar.

Is this an intentional deflection by Cloudflare, or is this a vulnerability that in registering a domain, if the account is not fully set up, someone out there is creating an interesting list of A and AAAA records? I have had 4-5 domains today to set up in Cloudflare, change the records, etc., but for what it’s worth, why would the domain get pointed to porn or some hack site?

Vulnerability for Cloudflare to look at? Or a “don’t point to us without going all the way through the process” penalty box to teach someone a lesson?

As with any domain, if you point to name servers not used by you, and someone figures it out, it’s not that hard to put some other site in your place. This can happen at any host.

What do you mean by this? When adding a domain to Cloudflare you need to add it to your Cloudflare account before changing your nameservers. If you change your nameservers assuming they will be the same then you are exposing your domain to hijacking.

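The check the reply above describes, as an added example that is not part of the original thread: compare the nameservers set at the registrar with the ones the provider assigned to the zone in your own account before relying on a template. The provider suffix, domains and nameserver names are constructed, and the assigned set is assumed to come from the provider's dashboard or API.

```python
# Added example: audit registrar delegations against the nameservers the DNS
# provider actually assigned to each zone in *your* account.
# All domain and nameserver names below are constructed sample data.

PROVIDER_SUFFIX = ".ns.provider.example"  # hypothetical provider NS suffix


def norm(name):
    """Lower-case a hostname and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def classify(delegated, assigned):
    """Classify one domain.

    delegated: NS names set at the registrar.
    assigned:  NS names the provider assigned to the zone in your account,
               or None if the zone was never created there.
    """
    delegated = {norm(n) for n in delegated}
    at_provider = any(n.endswith(PROVIDER_SUFFIX) for n in delegated)
    if assigned is None:
        # Delegated to a provider where you hold no zone: whoever adds the
        # domain to an account served by those nameservers answers for it.
        return "DANGLING" if at_provider else "EXTERNAL"
    assigned = {norm(n) for n in assigned}
    if delegated == assigned:
        return "OK"
    # Zone exists, but the registrar template does not match the assigned pair.
    return "MISMATCH"


def audit(portfolio):
    """Return {domain: status} for every (domain, delegated, assigned) row."""
    return {d: classify(deleg, assg) for d, deleg, assg in portfolio}


# Constructed portfolio: a registrar NS template reused across a bulk transfer.
TEMPLATE = ["Amy.ns.provider.example.", "bob.ns.provider.example."]
PORTFOLIO = [
    ("shop.example", TEMPLATE, ["amy.ns.provider.example", "bob.ns.provider.example"]),
    ("blog.example", TEMPLATE, ["cat.ns.provider.example", "dan.ns.provider.example"]),
    ("new.example", TEMPLATE, None),  # zone never created in the account
    ("old.example", ["ns1.registrar.example"], None),
]

if __name__ == "__main__":
    for domain, status in audit(PORTFOLIO).items():
        print(f"{domain:14} {status}")
```

Any domain reported as DANGLING or MISMATCH should have its zone created in the account and its registrar nameservers set to the assigned pair before the delegation is left in place.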

I could easily see any other nameserver from any web search… free nameservers with a clown offering a balloon but… oh well. I’ve fixed it. I’m no longer selling Japanese Porn and Lingerie, bootlegged DVDs or Digital Movies and I don’t know what the German site was…

Trying to get a visual on how someone sets A and AAAA records with or without Cloudflare and using Cloudflare’s IP addresses in the records.

Figured that out now. Made a bad choice of registrars and was trying to mass move them to get away from one to another.

Just that poison assumption that since a few other domains were assigned those nameservers by CF that the next domains would also have the same. Just hadn’t created the domain in my CF account.
