Unknown SSL behaviour

Not sure if this is normal or not, but noticing a lot of DNS records being added via API for TXT records _acme-challenge. I also received an email of a certificate reallocation.

Is this something to be concerned about?

Thanks

Date:2023-08-25T13:59:08+12:00
Resource:DNS_record
New Value:
{
  "comment": null,
  "content": "ulEr7Z0WfyYCIoWPLVjvnFjhNwYYq5_GX0MAK7-8Iok",
  "id": "d1491fd3c597c67a8468dbdf25cabc16",
  "name": "_acme-challenge.********.com",
  "proxied": false,
  "tags": [],
  "ttl": 1,
  "type": "TXT",
  "zone_name": "*******.com"
}
Interface:API
Audit Record:0c24903f-573a-447b-8b3e-cae97adc1346
Metadata:
{
  "grpc_client_name": "bushbaby",
  "zone_name": "*********.com"
}

CF wouldn’t add any records on your behalf except when you add a site, CF imports DNS records. Apart from that, I suggest you to check the Audit log from your dashboard to see any third party access and make sure if your account is safe and not compromised.

When you see Cloudflare listed as the actor, those would be most likely be related to obtaining proxy certificates.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.