Website is offline


#1

Hello,
I have removed Nameservers from CloudFront but after some days now my website goes offline. Here is the response from AWS. Kindly help.

Hello, Thank you for contacting AWS Premium Support team. My name is Nevin and I will be assisting you with your case today. I assuming you are referring to the domain "www.betterlifeportal.com. Please correct me if you are referring to some other domain. I could see that currently this domain is resolving to the IP address 93.179.121.87 using the Cloudflare name servers. The site shows offline when it is accessed using HTTPS. To confirm the same, I ran telnet against the IP address 93.179.121.87 and it’s not getting connected. Please refer below output : === telnet 93.179.121.87 443 Trying 93.179.121.87… telnet: connect to address 93.179.121.87: Connection refused === It seems port 443 is not open in 93.179.121.87 and that is why the site is not accessible using HTTPS. Also, when the site is accessed using HTTP, it seems to be showing a fake CAPTCHA page. Clicking on CAPTCHA image redirects to another website. So I have checked further on the IP address 93.179.121.87. This IP address does not seem be a Cloudflare IP address[1]. The IP address belongs to Transit Telecom in Russia. So, I assume that the domain is resolving to incorrect IP address, which is why the site is down. The website is loading fine if we bypass Cloudflare name servers. You can confirm this by accessing the below preview URL. It shows how the site loads from the EC2 instance IP address 18.233.33.32 bypassing Cloudflare name servers. Please note that this is just a preview URL so it has some limitations. === http://preview.afrihost.com/18.233.33.32/https://www.betterlifeportal.com === Also, port 443 is open in the security groups and I am able to connect to the instance via port 443. === telnet 18.233.33.32 443 Trying 18.233.33.32… Connected to 18.233.33.32. === Unfortunately, Cloudflare is a third party CDN service and I do not have the required expertise or access to delve further on this. Hence, my recommendation is to contact Cloudflare support team and verify if the IP address 93.179.121.87 is correct or not. If not, please ask them to point the domain to the correct Cloudflare IP address. I really hope this information is useful to you. If you have other questions or require any further clarifications please don’t hesitate to reply to this case and I’ll be happy to help. Also, be sure to let me know if I have misunderstood anything here. Best regards,

What should I be doing? Kindly help


#2

At least AWS knows that CF is a proxy and took the right steps to identify the issue. Many web hosts are very bad at troubleshoot and just always blame CF.

This is the key. Your website’s IP seems to have been hijacked to point to a scam IP.

Can you go to the Cloudflare dashboard, click the DNS tab, then make sure the record with the name “www” points to the correct IP address? The correct IP address should be 18.233.33.32 based on your AWS support ticket. Feel free to post a screenshot here as well.


#3

Hi Judge,
I have removed the website from CloudFlare couple of months ago. I am seeing this issue since 3 days only.
Regards
Suman P.


#4

So You have no intention of using Cloudflare?

In that case, it looks like your registrar account was logged in to. Where you registered the domain name is the company responsible for setting your nameservers correctly.

Since it’s currently registered at AWS, You should

  1. Change your AWS password
  2. Set up 2FA/MFA on your AWS account
  3. go to the AWS Route53 domain management page and make sure your nameservers point to the correct nameservers
  4. Reply back to your support ticket explaining that you are not a Cloudflare customer right now, and ask for help with learning how the nameservers were changed to Cloudflare