Website down due to token change in dns zone

I had a “friend” create my website. For whatever reason this person logged into my account and changed the dns zone to web_services. since then my site no longer works, how do i reverse the token change.

You have now learned why it is important to never share credentials and always use multifactor authentication.

Are you able to access your account? If so you should secure the account by changing your password, adding multifactor authentication and making sure that no other accounts or API tokens have unauthorized access.

You can search your audit log for any unexpected changes.

I changed the passwords, etc and I can see when the change was made in the audit log. I want to know how i can reverse what was changed if possible. The person had the password because they had set up and created my website. I did not expect them to go and sabotage it.

Good.

The audit log should show you what was changed, although if it is indeed a token, there is no changing it back. You simply revoke the token and it can no longer be used.

Have you checked your DNS entries to make sure that your host names are using the correct origin IPs?

i am not tech savy so I don’t know if the ip addresses are correct. The site was created on cloudflare and apparently on whosis says cloudflare has my domain but the ip address shows my site is now on oracle cloud infrastructure, Again I don’t know how this works. This is what I found in the audit log:

2023-08-08T20:25:15-04:00

User IP Address:

2607:fea8:3a9f:8993:184b:5701:54ac:f994

Resource:

account

Old Value:

Edit zone DNS

New Value:

web_services

Audit Record:

3081872e-f3d5-4bfe-bebc-39c53f277b42

Metadata:

{ "new_token_name": "web_services", "old_token_name": "Edit zone DNS", "token_tag": "667f48785cc150ada84ba111bd7d7e1b" }

this is the only thing that was changed so I don’t know what to do.

This is extremely unlikely. Cloudflare generally is not a hosting service. It is far more probable that it was chosen to host the DNS zone for your domain and the site was created elsewhere like:

Considering that you posted a month ago about your site being on Oracle Cloud, this seems more likely.

You are probably going to need to hire someone who does. The help that the Community can offer is dependent upon you having at least minimal technical knowledge as well as you having access to the host that contains your site content. If you don’t even know where that is, it is going to be impossible to assist. Have you asked the person that originally built your site?

Have you considered the possibility that the person who was running the server on Oracle Cloud decided to turn it off?