Security issue!


#1

You have to make a verification option when somebody adds a domain!
I have the issue when one of my domains and its hosting expires and I register it again: if I do not reactivate the hosting, the nameservers on the domain stay the same, and somebody can add this domain under the same nameservers. In this condition they steal the website before I can use it, and they give us a bad reputation. This can also happen when I forget to set up web hosting and somebody sets up hosting and adds it to their account on this domain for me.
You can create an option to add some verification in the nameserver names. The second nameserver can be some hash like 038465j33d.todd.ns.cloudflare.com.


#2

Only after the domain expires can someone change your name servers, unless they have access to your registrar's username and password.


#3

Cloudflare has many security mechanisms in place.

For every domain they assign a unique combination of 51 male and 50 female name servers (2550 combinations). When another party adds the same domain as you (be it an added but not active domain, or an already active one) they will get a different pair of hostnames (even if their account's defaults are the same as yours).

The only way to hijack a domain would be to either take control of the domain via the registrar (obviously if outside Cloudflare's Registrar, by accessing the account or through you forgetting to renew the domain) or have access to your Cloudflare account (they would need your username and password and ideally 2FA).

The takeaway here is that there are no possible ways to take control of your domain (given standard procedures are done before expiry dates) unless you fail to secure the accounts at the registrar and at Cloudflare.


#4

@matteo… Do you fancy doing a wiki post on this? It comes up quite regularly and your response seems to sum it up perfectly :smile:


#5

Will do in the afternoon!


#6

The example is: kilburnfestival.co.uk
The domain is ours, but some user is under the cluster dell.ns.cloudflare.com.


#7

The nameservers are configured at the registrar to that pair. You can confirm this via WHOIS. Whoever controls that domain at the registrar set those values. If you don't have control of your domain at the registrar, the security issue isn't with Cloudflare.

If you control the registrar and are pointing them to Cloudflare at a time when you do not have the service configured on Cloudflare, the security issue is again not with Cloudflare.


#8

Are you all wearing pink glasses, and for some reason you do not see a problem in that? I did not see that the domain disappeared from my account, and someone else added it to his account, and that is not Cloudflare's concern?


#9

Without changing the nameservers of the domain, as @matteo said above, there is no way for anyone to take control of your domain on a different Cloudflare account.

This change can only have been done at the registrar.

Nope! Just explaining the ‘issue’ to you.


#10

The domain you posted earlier appears to contain malware that is redirecting visitors to elsewhere. This is again, not a Cloudflare security issue.


#11

@domjh see the example above! I control the domain, but someone else in the same node (dell, todd nameservers) added it to their account and pointed it to another hosting! And actually this is not the first time I see that!


#12

On the DNS tab of your CF dashboard, do you have an A record pointing to 185.117.155.106?


#13

No, for demonstration purposes I didn't add it at all in my account!


#14

So is that domain yours?
Have you added it to your Cloudflare account?


#15

The history of the domain is:
registered -> pointed to Cloudflare -> domain expired -> Cloudflare's system deleted it from my account -> someone saw that -> added it to their account -> I renewed the domain and saw that it points to Cloudflare (I left it like that; I didn't see that the domain had disappeared from my account) -> the domain points to another hosting!
Actually some people are taking advantage of this issue for sure!


#16

So far so good. I presume your registrar changed the nameservers to its own, otherwise Cloudflare shouldn't have deleted it. Can you confirm that?

They can add it, but it won't validate in their account until they change the nameservers.

You renewed it, you did not register it anew, right? In that case your registrar either kept its own nameservers or reinstated your previous ones. Considering you said it pointed to Cloudflare, I would assume it was the latter. Can you confirm that?


#17

I don't know the exact sequence, but I assume that they added it to their account after I renewed it and the domain started pointing back to Cloudflare.


#18

If you can't confirm these things, it is difficult to impossible to retrace what happened.

The point is they can add your domain all they want; if they can't change the nameservers, the domain will never validate for their account.

What I immediately notice in your case is that the nameservers set up by you with your registrar do not match what Cloudflare announces. The dell one is correct, but you also defined todd, whereas Cloudflare asked for norm.
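The check that posts #7, #16 and #18 describe (look up the domain's delegated nameservers and compare them with the pair Cloudflare assigned to your zone) can be scripted so it runs on a schedule and alarms before a renewal surprise like the one above. The block below is an added example written for this page; it is not code from any poster or from Cloudflare. The `dig +short NS` output it parses is constructed, and the hostnames dell, todd and norm are taken from the thread; the rest of the zone data and the verdict labels are this example's own assumptions.

```python
"""Delegation check for a zone hosted on Cloudflare (added example).

The rule encoded here is the one stated in the thread: a zone only
validates in a Cloudflare account when the nameservers delegated at the
registrar are exactly the pair Cloudflare assigned to that account's
zone. Anything else (registrar parking nameservers after expiry, a
different Cloudflare pair, a half-matching pair) means the zone is not
serving from your account, whoever else may have added it.
"""
from __future__ import annotations

import subprocess
from dataclasses import dataclass, field

CF_NS_SUFFIX = ".ns.cloudflare.com"

# Constructed sample of `dig +short NS kilburnfestival.co.uk` output,
# mirroring the registrar values reported in the thread (dell + todd).
SAMPLE_DIG_OUTPUT = "todd.ns.cloudflare.com.\ndell.ns.cloudflare.com.\n"

# Assumed: the pair shown in the owner's Cloudflare dashboard (dell + norm).
EXPECTED_PAIR = ["dell.ns.cloudflare.com", "norm.ns.cloudflare.com"]


def normalize(host: str) -> str:
    """Lowercase and strip the trailing dot dig prints on FQDNs."""
    return host.strip().rstrip(".").lower()


def parse_dig_short(output: str) -> list[str]:
    """Return the sorted, normalized hostnames from `dig +short NS` output."""
    return sorted({normalize(line) for line in output.splitlines() if line.strip()})


def is_cloudflare_ns(host: str) -> bool:
    return normalize(host).endswith(CF_NS_SUFFIX)


@dataclass
class Verdict:
    status: str                       # ok | partial | other-cloudflare-pair | not-cloudflare
    matched: list[str] = field(default_factory=list)
    unexpected: list[str] = field(default_factory=list)
    missing: list[str] = field(default_factory=list)

    def validates_for_your_zone(self) -> bool:
        return self.status == "ok"


def check_delegation(observed: list[str], expected: list[str]) -> Verdict:
    """Compare delegated nameservers with the pair assigned to your zone."""
    obs = {normalize(h) for h in observed}
    exp = {normalize(h) for h in expected}
    matched = sorted(obs & exp)
    unexpected = sorted(obs - exp)
    missing = sorted(exp - obs)
    if obs == exp:
        status = "ok"
    elif not any(is_cloudflare_ns(h) for h in obs):
        # Typical right after expiry: the registrar parked the domain on
        # its own nameservers, which is why Cloudflare drops the zone.
        status = "not-cloudflare"
    elif matched:
        # Half right: one of your hosts, one that belongs to some other
        # assignment. This is the dell/todd vs dell/norm case in the thread.
        status = "partial"
    else:
        # All Cloudflare hosts, none of them yours: another account's pair.
        status = "other-cloudflare-pair"
    return Verdict(status, matched, unexpected, missing)


def live_ns(domain: str) -> list[str]:
    """Optional live lookup via dig; only used when run as a script."""
    out = subprocess.run(["dig", "+short", "NS", domain],
                         capture_output=True, text=True, check=True).stdout
    return parse_dig_short(out)


def demo() -> Verdict:
    """Run the check over the constructed sample; returns status 'partial'."""
    return check_delegation(parse_dig_short(SAMPLE_DIG_OUTPUT), EXPECTED_PAIR)


if __name__ == "__main__":
    v = demo()
    print(f"status={v.status} matched={v.matched} "
          f"unexpected={v.unexpected} missing={v.missing}")
```

Run it against a real domain by replacing `demo()` with `check_delegation(live_ns(domain), EXPECTED_PAIR)`; any status other than `ok` means the domain is not validated for your zone and the registrar side needs attention first, which is the order of investigation the replies above recommend.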


#19

I don't know the situation with norm, but in the domain configuration norm does not exist. If a third nameserver with a validation hash were required, this would not have happened.


#20

Can you post a screenshot of your DNS settings on Cloudflare and one of your nameservers at your registrar?