Unknown domain in my account

#1

I just logged in to my account today and saw a domain name that I don’t recognize. I tried to visit the website but Chrome is blocking with “Deceptive site ahead” red page. No one else has my password to this account and I have TFA enabled.
I went through the audit logs and found out that it added was about 3 weeks ago from an IP in Brea, California USA which is owned by dreamhost.com. How is this possible and why was there no email sent to me alerting me about this?

0 Likes

#2

Okay, I see an email about this in my Junk mailbox. It is from Cloudflare saying that the domain was added through DreamHost. I do have a DreamHost account but I don’t have any domain names in it. Whoever added the domain, how did they get access to my account?

0 Likes

#3

It could have been through your API. If you’re not using the API for anything, change the API key in your Profile.

1 Like

#4

In addition to the lock down and security steps on Cloudflare, you may want to make certain that your account on dreamhost is locked down as well. They may be also to tell you how it got there.

0 Likes

#5

Okay, I’ve just changed all of my API keys and passwords on both Cloudflare and DreamHost. And have created a ticket with them to report the incident.
@cloonan Please make sure that you improve your email delivery on Gmail. If the email was delivered in my Inbox I would’ve caught this as soon as it happened.

Thanks

0 Likes