Unknown domain in my account

I just logged in to my account today and saw a domain name that I don’t recognize. I tried to visit the website but Chrome is blocking it with a “Deceptive site ahead” red page. No one else has my password to this account and I have TFA enabled.
I went through the audit logs and found out that it was added about 3 weeks ago from an IP in Brea, California USA which is owned by dreamhost.com. How is this possible and why was there no email sent to me alerting me about this?

Okay, I see an email about this in my Junk mailbox. It is from Cloudflare saying that the domain was added through DreamHost. I do have a DreamHost account but I don’t have any domain names in it. Whoever added the domain, how did they get access to my account?

It could have been through your API. If you’re not using the API for anything, change the API key in your Profile.

1 Like

In addition to the lockdown and security steps on Cloudflare, you may want to make certain that your account on DreamHost is locked down as well. They may also be able to tell you how it got there.

Okay, I’ve just changed all of my API keys and passwords on both Cloudflare and DreamHost, and have created a ticket with them to report the incident.
@cloonan Please make sure that you improve your email delivery on Gmail. If the email had been delivered to my Inbox I would’ve caught this as soon as it happened.

Thanks

1 Like

Please let me know what happens next, this is some freaky stuff man.

@user1081 Agree. Have you gotten any update yet? :zipper_mouth_face:

I received a reply from DreamHost about this. They had asked me to provide my Cloudflare “username” to check against the record, and they’re saying that “the domain spinningyourgold.com is not using (–my email–) as the login for the Cloudflare account linked via the DreamHost panel. You may wish to contact Cloudflare directly for any additional information on this matter.”
cc @cloonan

1 Like

In general I would advise against using partner integrations in the future…

At this point, I recommend opening a support ticket https://dash.cloudflare.com/?account=support. Feel free to explain the situation and/or link this thread.


If only it were that easy :laughing: Cloudflare uses Mandrill/Mailchimp and every email I can find in my inbox shows signed-by: notify.Cloudflare.com. The culprit is probably the link to the domain; Google may have already had it blocklisted, so an email with that domain name in the body text probably set off some junk alarms.

3 Likes
