Cloudflare & DNS compromises

Feature Spotlight: Shared & Reseller Hosting – Part 1
June 18, 2017
Show all

Cloudflare & DNS compromises

Its been a long time since I wanted to start our official blog but it was always something being delayed, well finally the blog is here and we’re here with our first post!

I’m sure that this blog post will sound familiar to a lot of you that have experienced this issue and will hopefully help so that the number of cases where people experience this issue is reduced.

A lot of our members sometimes will register a new domain and point the nameservers of the domain to Cloudflare but we may delay adding it to our Cloudflare account or sometimes we may even have it set with our domain registrar that all new domains we register should point automatically to our Cloudflare nameserver set.

A member submitted a ticket recently saying that he registered a number of domains in the last weeks and a few where surprisingly loading sites and they definitely were not his own sites. Over the past year we have received a number of tickets describing the same issue.

In basic what occurs is that users with malicious intentions monitor new domain registrations and they monitor domains that are pointed to Cloudflare but not yet added in any Cloudflare account. (note: anyone can monitor new domain registrations, there are many companies providing this is a service)

When a domain is pointed to a set of Cloudflare nameservers but the the domain is not added in any Cloudflare account it basically means that anyone with a Cloudflare account can add the domain to their own Cloudflare account and Cloudflare will re-point the domain automatically internally to their own set of nameservers.

Users with malicious intent monitor that and they will automatically add them into their own Cloudflare accounts and benefit from free domains without the domain owner necessarily knowing about it since they wouldn’t be notified in any way that this is occurring – not only are these users benefiting from free domains but they could cause a permanent damage to the domain name as these users will 99% of the times host fraudulent sites – most domain registrars monitor this and will suspend the domain, not only this but you could receive a permanent penalty by Google and other search engines since they will see that the site is hosting a fraudulent site which in a SEO point of view its bad.

This same thing can happen with any hosting provider that has their own DNS servers, for example if a domain is pointed to our nameservers but the domain isn’t added in a hosting account – any customer with malicious intentions using our services can add the domain in their account.

How do I know if i’m affected?

That is a good question and a very important one!

Lets assume I purchased a domain on November 30th 2016 and I pointed the domain to my set of Cloudflare nameservers:

So up to now the only action I took was to register the domain and point it to my Cloudflare nameservers, I haven’t added the site on my server yet.

The first way you can understand that something is going wrong is when you try to load this newly registered site and it loads some site that you don’t own and is completely unrelated to you.

In this case my first step would be to go to a DNS checker such as – I would type my domain name in the field on that page and click on the “Go” button. It will then load the results of the DNS check we executed

Now have a look at what the parent nameservers and local nameservers sections are reporting, the nameservers in both of those sections should match up so in our case they should both report:

If the local nameservers section is reporting a different set of nameservers then it means that a user with malicious intentions has added the domain in their own Cloudflare account and is taking advantage of it to host his fraudulent site.

The Resolution

The resolution for this issue is to point the nameservers back to the default DNS of your domain registrar so that it shows their default parking page and wait 2-3 days (usually I personally recommend 7 days) so that Cloudflare detects that the nameservers no longer points to them and automatically removes the domain from the Cloudflare account it was added at and then you would point the domain back to your own Cloudflare nameservers and add it to your Cloudflare account.

I actually usually recommend either pointing the the domain to your set of Cloudflare nameservers and then immediately adding the domain in your Cloudflare account once you are ready to build the site or even better if possible first adding the domain in your Cloudflare account and then pointing the domain to your set of Cloudflare nameservers.

I hope that this has been useful for you! For any questions do feel free to leave a comment and i’ll answer them!


  1. Roger Gonzales says:

    Thank you very much, this will be very helpful, specially when we buy bulk domains.

  2. Ganti says:

    Thank you very much

  3. Anurag says:

    Thank you very much.

    I am dealing with this now. I know what mistake I did, lesson learned!!

  4. REMONTOi says:
    Your comment is awaiting moderation. This is a preview, your comment will be visible after it has been approved.

    Illinois dmv contact * Video
    Illinois DMV Services, Office Locations, and Guides – Page 2 of 2 – DMV Connect Illinois dmv contact Illinois DMV Guide – The Illinois Department of Motor Vehicle Explained ID & Driver’s License Title & Registration Safety & Violations The Office of the Illinois Secretary of State – Driver Services The Illinois Secretary of State oversees driving services throughout its 102 counties. At a DMV office, you can do tasks like IL driver permitting & licensing, vehicle registrations & renewals, title transfers and duplications, tax services, driving records, and more. Drivers can also access a wealth of information on-location or …
    The post Illinois dmv contact * Video appeared first on Finance USA.

    Hosting News

  5. SARAOi says:
    Your comment is awaiting moderation. This is a preview, your comment will be visible after it has been approved.

    how to get a detailed credit report

    Missouri institute of technology ( Video
    Facts and Figures, Who We Are, University of Missouri System Missouri institute of technology Facts and Figures University of Missouri System The University of Missouri System is a $3B enterprise with a broad statewide reach, composed of four universities, a health system and an extension division, along with numerous research parks, business incubators, health centers and affiliates and more. UM System is governed by a board of curators, with the day-to-day management of the enterprise led by the president. The president’s executive team, which includes the chancellors of the four universities, as well as the vice presidents, general counsel and …
    The post Missouri institute of technology ( Video appeared first on Travel.

    Mississippi Business
    lavilin deodorant walgreens
    amazon com distribution
    good cars under 1000 dollars
    used cars for sale


Leave a Reply

Your email address will not be published. Required fields are marked *