URGENT: Cloudflare IP address changed

I logged into my website and there was an error message that the IP address had changed. I’m not sure why as I’ve done nothing to change it. Anyway, I logged into Cloudflare and see that 2 A records for www were resolving to Cloudflare, 104.18.39.201. I changed one of them to my host’s IP 66.70.177.74 but can only change one of them. Do I need to keep the Cloudflare A Record or can I delete it?

This site is https://www.mysite.com, so if I can keep that I think that is best but can I? And if I can’t then I need to redirect the www site to non www, is this right?

On Cloudflare’s DNS dashboard you should never put the Cloudflare IP, but the server’s IP. If the IP was changed without your consent, change your password and check the audit log. You should never give access to your account to third parties, especially if not trusted.

Hi Matteo, thanks for getting back! So if I delete the Cloudflare A record, it should sort it out?

Yes, those IPs should only appear on DNS lookups if the proxying is enabled, not anywhere else, you shouldn’t even care to know them.

Is the audit log on Cloudflare?

I didn’t give permission to anyone so now I’m concerned the site or cloudflare was hacked? Next steps…

I have already created a new account on Cloudflare and deleted the old one.

Change passwords on WordPress website.

On whynopadlock.com the URL is getting a green padlock on https://sitename.com but https://www.sitename.com is getting no green padlock.

From Cloudflare >> Your SSL/TLS encryption mode is Full but

Traffic Served Over TLS (Last 24 hours):
None (not secure): 7
TLS v1.2: 6
TLS v1.3: 302

I would doubt you would be the only target, it would have been news. Not possible…

Doesn’t make sense, the website is uncorrelated to the IP on the Cloudflare Dashboard.

This is unnecessary, go and check the audit log, it’s in the main top bar once you open the actual dashboard (on the domain selection).

This is a completely different issue and the www subdomain will give errors given that you had wrong settings.

One more thing, this is unrelated to the numbers below, also Full is not the best setting there, ideally it would be Full (Strict) if the origin can support it (and it should…).

The audit log doesn’t show anything except for today’s activity. I went back to Jan 1 2020.

Then you have had the wrong setting for that long. Check again, but there is no other alternative.

I changed to Full Strict.

As for https://www.my-site.com, this was the default URL and was working until last week.

So could you tell me what I need to do to get this working again? I’m sorry but this isn’t my forte, but you probably already knew that lol.

Does your origin have a valid certificate (as in does the website work with HTTPS with Cloudflare disabled)?

Check that all the IPs for all the records are correct and are the ones that the hosting providers tell you.

They’ve not been much help frankly. They directed me here to get answers.

Not that I can see. They want me to purchase one.

They were kinda correct, but when you set up hosting there must be something, an IP or a website, to point your DNS to to configure. Otherwise you have no idea what to put in… make sure that is configured as told in the root and www subdomain.

That is kinda unacceptable at this point. Are you able to install one for yourself? Cloudflare does offer free origin certificates that only they trust to secure the Cloudflare <-> origin connection.

The records are a bit of a mess quite frankly. The domain has moved a couple of times but records weren’t updated, and well, I’m not sure what is safe and what isn’t to delete.

They told me to use their nameservers temporarily, then delete all the records in Cloudflare except the A record for domain and subdomain. Then to reconnect Cloudflare. But Cloudflare didn’t pick up the new records from the domain and host.

So I created a new Cloudflare account and the old records were there. So I thought if I started over it would help. But I don’t want to delete anything else. Is it safe for me to share a screenshot of all the records from Cloudflare here with you?

You could then delete the post, it would remain here for 1 hour. Post the image by itself and comments separately so they do remain…

EDIT: There were 2 A records for langleywritingservices pointing to Cloudflare. I deleted one and changed the other to point to the host.

Alright, the first 4 if they point to an old host for the e-mail must be deleted, they will try to configure clients (if they work at all given that they are proxied).

Delete the 2 AAAA records, those are also Cloudflare’s.

ftp, imap, pop and smtp won’t work unless unproxied given the ports they use.

Next, I see an SPF record, which allows BlueHost to send e-mails, but you don’t seem to use them (SiteGround and OVH only, apparently…?) check that as well.
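The two record checks discussed in this thread (A/AAAA content that is a Cloudflare edge IP instead of the origin's, and proxied ftp/imap/pop/smtp hostnames), written as an added example that is not part of any poster's reply. The record dictionary layout, the function names and the sample zone are assumptions; the IP ranges are a snapshot of the list Cloudflare publishes at https://www.cloudflare.com/ips/.

```python
import ipaddress

# Snapshot of Cloudflare's published edge ranges (https://www.cloudflare.com/ips/);
# refresh from that page before relying on it.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

# First labels whose services use ports the HTTP proxy does not carry (per the thread).
NON_HTTP_LABELS = {"ftp", "imap", "pop", "smtp"}


def is_cloudflare_ip(value):
    """True if the address falls inside one of the Cloudflare edge ranges."""
    ip = ipaddress.ip_address(value)
    return any(ip.version == net.version and ip in net for net in CLOUDFLARE_NETS)


def audit_records(records):
    """Return (name, type, finding) tuples for A/AAAA records needing attention."""
    findings = []
    for rec in records:
        name, rtype, content = rec["name"], rec["type"], rec["content"]
        if rtype not in ("A", "AAAA"):
            continue
        if is_cloudflare_ip(content):
            findings.append((name, rtype, "content is a Cloudflare edge IP; use the origin IP"))
        if rec.get("proxied") and name.split(".")[0] in NON_HTTP_LABELS:
            findings.append((name, rtype, "proxied, but this service needs DNS-only"))
    return findings


# Constructed sample zone: example.com is a placeholder, the IPv4 values echo the
# thread, and the AAAA value is made up for illustration.
SAMPLE_ZONE = [
    {"name": "example.com", "type": "A", "content": "66.70.177.74", "proxied": True},
    {"name": "www.example.com", "type": "A", "content": "104.18.39.201", "proxied": True},
    {"name": "www.example.com", "type": "AAAA", "content": "2606:4700::6812:27c9", "proxied": True},
    {"name": "ftp.example.com", "type": "A", "content": "66.70.177.74", "proxied": True},
    {"name": "example.com", "type": "TXT", "content": "v=spf1 -all", "proxied": False},
]

if __name__ == "__main__":
    for name, rtype, finding in audit_records(SAMPLE_ZONE):
        print(f"{name} {rtype}: {finding}")
```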