Websites in cloudflare redirects to a different site

ptyxiakes dot gr website redirects to nkbihfbeogaeaobhlefnkodbefgpgknn.com
support4students dot gr website redirects to nkbihfbeogaeaobhlefnkodbefgpgknn.com
diplomatikes dot gr website redirects to nkbihfbeogaeaobhlefnkodbefgpgknn.com

does anyone please knows what is going on ?

thank you

Your Cloudflare account has most likely been hacked. That site used to be a metamask clone/phising page, you’re not the first one to get your account compromised and redirects added for it.

Follow this guide:

As for deleting the actual redirect:
Check your Audit Log (Manage Account → Audit Log) for any unauthorized changes.
If you can’t find the redirect being created there, it’s most likely either a Single Redirect (within your site in CF Dash, go to Rules → Redirect Rules, look at Single Redirects) or a Page Rule Redirect (check under Rules → Page Rules)

4 Likes

Thank you very much Chaika!
My account has been hacked. The Page Rule Redirect has been changed (the redirect of the web sites has been added there).
It can be seen also from Audit Log as you suggested

Thank’s a lot!

Στις Δευ 2 Οκτ 2023 στις 6:07 μ.μ., ο/η Chaika via Cloudflare Community <[email protected]> έγραψε:

2 Likes

question for @chgeorgo ,
Did you have MFA enabled on the account that was compromised?

Στις Τρί 3 Οκτ 2023 στις 10:35 μ.μ., ο/η alan.sarzynski via Cloudflare Community <[email protected]> έγραψε:

@chgeorgo
Not sure what that last message means?

Like @alan.sarz , I’m eager to hear if you had MFA enabled on your Cloudflare account.

Any ideas how your account was hacked?

same password from other sites?
Commonly used password?
Not complex?
Had you accessed your cloudflare account from a public PC?
Malware on your private PC?

I am new here and generally paranoid in general. I’m always wondering how hacks occur.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.