My websites are not working as they should. is redirected to another spam site. When I change the dns records to “only dns”, everything gets better. but when I set it to “proxied” again, it is directed to other website :
on members page, only my email is there.
on Audit log, there is 2 members are changing sth.
first is me, second is “Cloudflare”. i dont know this member CLOUDFLARE is a fake name or not.
on api tokens, there is api tokens for wordpress, but i think i create them for my wordpress websites. i created api tokens to integrate with litespeed cache plugin.
The one you see here, seems to be Cloudflare’s Universal SSL that have obtained a SSL/TLS certificate for your website.
The timestamp from your image, being “2023-11-04T04:14:25+01:00” seems very consistent with a Google Trust Services (GTS) certificate that was issued, according to the certificate information, on “Nov 4 02:17:09 2023 GMT”.
However, it seems like another one have been issued yesterday, and right now, Cloudflare (primarily) uses two different certificates (issued through Google Trust Services (GTS) and Let’s Encrypt), for your website, with the records you have set to Proxied ():
Such certificate issuances that Cloudflare does on your behalf are showing up like in the screenshot you posted, with a couple of “Rec add” and “Rec del” actions, appearing as being made by the user “Cloudflare”, and would be nothing to worry about, assuming you can confirm that they are on your Edge Certificates page.
That said, -
If you, as you indicated above as a response to @sjr, have taken the proper steps to secure your account, and enabled 2FA authentication, as well as cleared any unknown API tokens, and account members from your account, (and cleared Page Rules / Redirect Rules and other things that may have been modified), I would go as far as to believe that everything should be all right now.