Answer these questions to help the Community help you with Security questions.
What is the domain name?
lxns,org
Have you searched for an answer?
Yes
Please share your search results url:
No result
Describe the issue you are having:
At first I found that my domain was hijacked (visits were redirected to other phishing sites), so I checked whether the server was attacked, but there was no trace of any attack. Secondly, I suspected that Cloudflare's access to the source server was hijacked, but that was not the reason. After that I turned on Under Attack Mode and set the firewall rules (all blocked), but requests whose User-Agent contains Windows are still automatically 301-redirected to the phishing site, while requests without it return the results normally.
Then I set up a firewall and blocked all requests, but the problem still persists, and it didn’t log any requests that contain a Windows User-Agent.
What error message or number are you receiving?
When I turned on the firewall in Cloudflare:
- UA doesn’t contain Windows: 1020 error
- UA contains Windows (no log in firewall): 301 redirect to harmful URL
What steps have you taken to resolve the issue?
- At first I thought that Cloudflare was being hijacked when requesting the source server, so I changed the SSL/TLS encryption mode to Full (strict), but the issue still exists
- Then I turned on Under Attack Mode, and requests without a Windows User-Agent displayed authentication normally
- Then I set my Cloudflare firewall rules to deny all requests, but the issue still exists
Was the site working with SSL prior to adding it to Cloudflare?
Yes, used cert by Let’s Encrypt.
What are the steps to reproduce the error:
- Check my Vultr server stats (is it being attacked? No)
- Set SSL/TLS encryption mode to Full (strict)
- Set Cloudflare Firewall: Deny ALL
- Go to Liberate the Hostname
The issue still exists.
Have you tried from another browser and/or incognito mode?
Yes, I tried with curl and Chrome on my macOS computer and Windows Server.
Please attach a screenshot of the error: