So, I've inherited the origin IP of a Cloudflare site

It looks like my shiny new VPS has inherited an IP that is still configured as the origin IP of a Cloudflare site. To make things worse, the hostname that now points to my server seems to have been used for malware and/or phishing in the past. So there are malicious links on various social media that now point to my server. Of course there is nothing bad there now that the IP is mine, but I’m still receiving unwanted traffic.

How can I get Cloudflare to delete the offending DNS records? I don’t want to file an abuse report, because it will be forwarded to the hosting provider of the origin site… Which is now my VPS provider, so that would backfire on me.

Set up an authenticated origin pull (the certificate must be your own, not the generic Cloudflare one as that won’t help in this case). Cloudflare connections to your origin through zones that don’t have your certificate will be rejected.

2 Likes

Thanks, but I don’t think that will help in my case. This server is not configured for Cloudflare, and I don’t want to add it to Cloudflare. Also, I don’t think it wouldn’t help with any non-TLS traffic.

I’m wondering if there is some kind of automated procedure where I could prove that I own this server, and Cloudflare would stop doing whatever it’s doing with it? Remove any DNS records pointing to it, stop proxying it, etc.

(Sorry, just assumed you were using Cloudflare too!)

If the domain wasn’t on Cloudflare, it could still have been pointed at your IP address so not much you can do.

As you’re not using Cloudflare, you could block Cloudflare IPs at your firewall to stop the traffic…

Or, as it’s a VPS, can you ask the provider to change your IP address?

2 Likes

Thanks, I’ve done something similar, and I’ve also tried to contact the registrar of that domain with a message for the registrant.

The situation is not quite the same as if someone just pointed their domain to my IP. Going through Cloudflare means my website is available using their hostname with a valid TLS certificate. That wouldn’t happen “by accident” in any other scenario (of course you could also set up your own reverse proxy instead of using Cloudflare, but that wouldn’t happen without intention).

It seems to me it would be beneficial if Cloudflare had some kind of “takedown request” procedure, which would disable any proxying to a specific site after some ACME-type challenge.

I recommend configuring your web server to block requests with a host header that does not match your domain. Then you don’t have to care about who points their domain to your server’s IP address.

1 Like
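
One way to implement the Host-header check from the last reply, as an added example that is not part of the original thread. It assumes nginx (the thread does not name the web server), `example.com` as a placeholder for your own domain, and placeholder certificate and document-root paths; `ssl_reject_handshake` requires nginx 1.19.4 or later.

```nginx
# Added example: assumes nginx; example.com and all paths are placeholders.

# Catch-all for plain HTTP. Any request whose Host header matches no
# server_name below lands here, including requests proxied for a stale hostname.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;                 # nginx-specific: close without sending a response
}

# Catch-all for TLS. The handshake is aborted when the SNI name is not ours,
# so our certificate is never presented for a foreign hostname.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;    # nginx >= 1.19.4
    return 444;                 # SNI was ours but the Host header was not
}

# The real site: only requests for our own names are served.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;

    ssl_certificate     /etc/ssl/example.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;

    root /var/www/example.com;
}
```

Validate the configuration with `nginx -t` before reloading.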
