I think i’ve encountered a potential backdoor into cloudflare via the apps.
There is only one app I have installed
It’s been installed a few days now but I went to see if any new features might be available by visiting the installed cloudflare apps section.
There wasn’t any so I just closed the browser.
Later, I began to notice strange log entries, such as:
I pasted it into a browser that does not have access to cloudflare (chromium) and was suprised that it logged me right in.
I thought, nah… so then I tried it on firefox and epiphany, insta-logged in!
So then I began to worry and went to proxysite.com and pasted the url into there, again!!!
Now I think it might be remedied but if anybody knows differently, please kill the bonzi-app so I know. The remedy (I think) was simply to choose save settings and step through the process where it says something about sharing your email with the maker of the app.