Someone adding CF Apps even 2FA - Hack?


Yesterday my CF account was hacked as someone changed the email and password.
Fortunately I was able to recover and enabled 2FA yesterday. Hacker added html Js redirect through the ‘Apps’ available on CF. I deleted them yesterday.

But today also I see the same problem that my website traffic is being redirected to the other domain. And the method was same an App was created in CF Apps.
My question - How it is possible? does any one still have access to my cf account even I have changed my pass and enabled 2FA?

How to resolve this please guys help me.

I would check for API tokens. You should also review your audit log

1 Like

Hi, I can see the logs, but what should I do? I am not sure how to stop this.

As above. If the hacker got an API token then you will need to roll/delete any existing/unknown token or change global ones:

1 Like

Thanks Freitasm, there were no tokens available, I have now changed the global one. Lets see.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.