Security issue after domain expiration


#1

My domain expired, and DNS changed to registry ones. Cloudflare removed my acct because of this and when I renewed the domain and the DNS returned to the previous Cloudflare ones it seems some Chinese individual created a Cloudflare acct to redirect my domain to their website. This is a very serious issue.


#2

TLDR: Removing an account after only 7 days of changed DNS is a security issue.


#3

When changes are detected indicating you don’t own a domain, a notification is sent. Best bet is to contact Support and let them know what happened, log in to Cloudflare and then contact Cloudflare Support.


#4

Thank you, will do. The domain was and is mine, was just expired. That it’s removed from Cloudflare after only 7 days and anyone can add it to their account and funnel traffic for malicious purposes is a big problem.


#5

You leave out the fact here that you ignored your registrar’s notices, let your domain expire, and didn’t even check if everything was in order when you resurrected your expired domain. Sorry, but that domain can’t be of too much importance for you.

No offence, but the lesson learnt here should be to never let a domain expire. You never know what happens at that point. And even if you do, double and triple check everything once it is back.


#6

I did not leave that fact out, I expressly mentioned that in the first 3 words. Domains expire all the time, happened even with Top500 companies for a multitude of reasons.
When it’s automatically removed this way there should be a safeguard not allowing another account to immediately add it, I think this is common sense and it’s a Pandora’s box.


#7

You did, I was referring to the “serious issue” bit.

Domains expire all the time because they were made to expire, not because they accidentally expired. The latter is a blunder and just because large companies are - occasionally - equally careless does not make it suddenly okay or the norm. If you want to keep a domain, don’t let it expire.

Tell that to the person who registered a recently expired domain :wink:


#8

Sandro, it is a serious issue, not for me… but for Cloudflare. Instead of pointing out the obvious I think it’s best to focus on what harm can be caused if this system continues, with high traffic websites, not with mine that just hurt my image. The warning is here, now do whatever you like.


#9

No one can register an expired domain after 7 days, that is why it normally takes 42 days to be released. Do not allow another account to add a removed domain after 7 days, simple.


#10

You can also actively delete a domain, which shortens that period.

Anyhow, I am not saying there is no possible room for improvement. I am saying people bear responsibilities for their actions too.


#11

Therefore they need access to your registrar’s panel since the name servers must match those provided by Cloudflare. Since the servers were changed back to those of your registrar or hoster…

What’s the TLD or gTLD?


#12

Once I renewed the domain the DNS returned automatically to the original Cloudflare ones as I mentioned, so they just need to check whois info. I will not post my URL publicly, can send privately.
Takes more than 2 months for domains to be available for registration again, unless backordered, and even so I can renew domains up to 42 days after expiration. There is no reason for Cloudflare to recycle this way after such a short period.


#13

How should that work for others? They can’t change the nameservers or even claim the domain.

About the day count.

Once your domain has expired, it will be in Auto-Renew Grace Period (for 0-45 days), followed by a 30-day Redemption Grace Period. At the end of the Redemption Grace Period, you will not be able to renew your domain name. Your domain name will be released for registration by third parties.

https://www.icann.org/resources/pages/expired-2013-05-03-en

I didn’t ask for your domain. Only for the TLD (.com .de .net…) or gTLD (.berlin .club… ) :wink:

If there’s no traffic on a specific domain they will delete it. I don’t know the exact period but it’s their choice how to maintain their systems.

Don’t get me wrong. I totally understand you!


#14

It’s a .com, I have registered domains for more than 2 decades, I know the life cycle. There was traffic, not much but not inactive, it’s my username elsewhere though so some people noticed. Now imagine with a bigger website.
No one changed nameservers except my registrar when the domain expired, and then returned to the Cloudflare ones when I renewed, but someone added my domain to their Cloudflare account and is redirecting it to a Chinese website.


#15

Again what is done is done, I’ve been spending my time here trying to help avoid bigger harm if bigger websites are hijacked, but I don’t have much more to add… I inserted the direct webhosting nameservers now so it’s a matter of time until that malicious website is gone.


#16

This happened to us a few days ago, and what we noticed is that while the domain resolved to a different IP, NS queries also resolved to 2 different Cloudflare nameservers than what our registrar had. As soon as we added it back, NS resolved to our usual nameserver, before we even touched the zone.

Since it seems to ignore nameserver validation, I also think it could be a serious issue. You can easily see these nameserver changes through securitytrails.com, I can share the domain privately if you need it. Its TLD is .com
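
A monitoring check for the symptoms reported in this thread, added here as an example and not part of any post: it compares the nameservers delegated at the registry, the NS set those servers answer with, and the resolved address against a recorded baseline. The `Observation` structure, the finding names, and all host names and addresses are assumptions constructed for illustration; in practice the three values would come from your own DNS lookups.

```python
# Added example. Every name and address below is constructed (RFC 2606 / RFC 5737 ranges).
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    delegated_ns: tuple  # NS set published for the domain by the parent (TLD) zone
    apex_ns: tuple       # NS set the delegated servers themselves answer with
    a_records: tuple     # addresses the domain currently resolves to

def norm(names):
    """Lower-case and drop the trailing dot so host names compare reliably."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)

def check(obs, expected_ns, expected_ips):
    """Return findings for one observation; an empty list means nothing changed."""
    findings = []
    delegated, apex = norm(obs.delegated_ns), norm(obs.apex_ns)
    if delegated != norm(expected_ns):
        findings.append("DELEGATION_CHANGED")   # e.g. registrar swapped NS at expiry
    if apex != delegated:
        findings.append("APEX_NS_MISMATCH")     # symptom reported in post #16
    if not set(obs.a_records) <= set(expected_ips):
        findings.append("UNEXPECTED_ADDRESS")   # traffic is going somewhere else
    return findings

EXPECTED_NS = ("ada.ns.dnshost.example", "bob.ns.dnshost.example")
EXPECTED_IPS = ("192.0.2.10",)

SAMPLES = {
    "healthy": Observation(("ADA.ns.dnshost.example.", "bob.ns.dnshost.example."),
                           EXPECTED_NS, ("192.0.2.10",)),
    "expired": Observation(("ns1.parking.example", "ns2.parking.example"),
                           ("ns1.parking.example", "ns2.parking.example"),
                           ("198.51.100.5",)),
    "renewed_but_claimed": Observation(EXPECTED_NS,
                           ("cat.ns.dnshost.example", "dan.ns.dnshost.example"),
                           ("203.0.113.7",)),
}

def run_samples():
    """Evaluate every constructed sample against the expected baseline."""
    return {name: check(o, EXPECTED_NS, EXPECTED_IPS) for name, o in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name}: {result or 'ok'}")
```

Run on a schedule, the `DELEGATION_CHANGED` finding gives early warning while the domain is still in its renewal window, and `APEX_NS_MISMATCH` after a renewal is the cue to re-verify the zone before trusting it again.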


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.