Cloudflare & DNS compromises


It's been a long time since I wanted to start our official blog, but it was always being delayed. Well, finally the blog is here and we’re here with our first post!

I’m sure that this blog post will sound familiar to a lot of you who have experienced this issue, and it will hopefully help reduce the number of cases where people experience it.

Many of our members register a new domain and point its nameservers to Cloudflare, but delay adding it to their Cloudflare account. Some of us even configure the domain registrar so that every new domain we register points automatically to our Cloudflare nameserver set.

A member submitted a ticket recently saying that he had registered a number of domains in the last few weeks and a few were surprisingly loading sites, and they definitely were not his own sites. Over the past year we have received a number of tickets describing the same issue.

Basically, what occurs is that users with malicious intentions monitor new domain registrations, looking for domains that are pointed to Cloudflare but not yet added to any Cloudflare account. (Note: anyone can monitor new domain registrations; there are many companies providing this as a service.)

When a domain is pointed to a set of Cloudflare nameservers but the domain is not added to any Cloudflare account, it basically means that anyone with a Cloudflare account can add the domain to their own account, and Cloudflare will automatically re-point the domain internally to that account's own set of nameservers.

Users with malicious intent monitor for this and automatically add such domains to their own Cloudflare accounts. They benefit from free domains without the domain owner necessarily knowing about it, since the owner isn't notified in any way that this is occurring. Not only are these users benefiting from free domains, but they could cause permanent damage to the domain name, as 99% of the time they will host fraudulent sites. Most domain registrars monitor for this and will suspend the domain. You could also receive a permanent penalty from Google and other search engines, since they will see that the domain is hosting a fraudulent site, which is bad from an SEO point of view.

The same thing can happen with any hosting provider that has its own DNS servers. For example, if a domain is pointed to our nameservers but the domain isn’t added to a hosting account, any customer with malicious intentions using our services can add the domain to their account.

How do I know if I’m affected?

That is a good question and a very important one!

Let's assume I purchased a domain on November 30th 2016 and I pointed the domain to my set of Cloudflare nameservers:

So up to now the only action I took was to register the domain and point it to my Cloudflare nameservers. I haven’t added the site on my server yet.

The first way you can understand that something is going wrong is when you try to load this newly registered site and it loads some site that you don’t own and is completely unrelated to you.

In this case my first step would be to go to a DNS checker such as – I would type my domain name in the field on that page and click on the “Go” button. It will then load the results of the DNS check we executed.

Now have a look at what the parent nameservers and local nameservers sections are reporting. The nameservers in both of those sections should match up, so in our case they should both report:

If the local nameservers section is reporting a different set of nameservers then it means that a user with malicious intentions has added the domain in their own Cloudflare account and is taking advantage of it to host his fraudulent site.
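The same parent-versus-local comparison can be scripted for a list of your own domains. The following is an added example, not part of the original post: it parses saved `dig` text output, and the nameserver names, the sample replies and the function names are all constructed for illustration.

```python
import re

# Constructed sample replies for example.com; every nameserver name is made up.
# Parent view: dig +norecurse NS example.com @<TLD server>
PARENT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; AUTHORITY SECTION:
example.com.  172800  IN  NS  mine-a.ns.cloudflare.com.
example.com.  172800  IN  NS  mine-b.ns.cloudflare.com.
"""
# Local view: dig +norecurse NS example.com @<one of the delegated servers>
LOCAL_FOREIGN = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; ANSWER SECTION:
example.com.  86400  IN  NS  other-a.ns.cloudflare.com.
example.com.  86400  IN  NS  other-b.ns.cloudflare.com.
"""
# Assumption: a zone that is in no account yields no NS records at all.
LOCAL_EMPTY = ";; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 3333\n"

NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$", re.IGNORECASE)

def _norm(name):
    return name.lower().rstrip(".")

def ns_set(dig_output, domain):
    """Collect the NS targets listed for `domain` in dig's text output."""
    found = set()
    for line in dig_output.splitlines():
        m = NS_LINE.match(line.strip())
        if m and _norm(m.group(1)) == _norm(domain):
            found.add(_norm(m.group(2)))
    return found

def check_delegation(domain, parent_out, local_out, assigned):
    """Classify a domain from its parent and local NS views.
    `assigned` is the nameserver pair your own account was given."""
    parent = ns_set(parent_out, domain)
    local = ns_set(local_out, domain)
    if parent != {_norm(n) for n in assigned}:
        return "REGISTRAR_MISMATCH"   # registrar is not set to your pair
    if not local:
        return "NOT_IN_ANY_ACCOUNT"   # delegated, but nobody serves the zone yet
    if local != parent:
        return "FOREIGN_ACCOUNT"      # another account is answering for the zone
    return "OK"

if __name__ == "__main__":
    mine = ["mine-a.ns.cloudflare.com", "mine-b.ns.cloudflare.com"]
    for label, out in [("foreign", LOCAL_FOREIGN), ("empty", LOCAL_EMPTY)]:
        print(label, check_delegation("example.com", PARENT, out, mine))
```

A `NOT_IN_ANY_ACCOUNT` result is the window described earlier in the post: the domain is delegated but not yet added to any account, so it should be added to your own account or pointed back to the registrar's default DNS.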

The Resolution

The resolution for this issue is to point the nameservers back to the default DNS of your domain registrar, so that the domain shows their default parking page, and wait 2-3 days (I personally usually recommend 7 days). This gives Cloudflare time to detect that the nameservers no longer point to them and automatically remove the domain from the Cloudflare account it was added to. You would then point the domain back to your own Cloudflare nameservers and add it to your Cloudflare account.

I actually usually recommend either pointing the domain to your set of Cloudflare nameservers and then immediately adding the domain to your Cloudflare account once you are ready to build the site or, even better if possible, first adding the domain to your Cloudflare account and then pointing the domain to your set of Cloudflare nameservers.

I hope that this has been useful for you! For any questions do feel free to leave a comment and I’ll answer them!


  1. Roger Gonzales says:

    Thank you very much, this will be very helpful, especially when we buy bulk domains.

  2. Ganti says:

    Thank you very much

  3. Anurag says:

    Thank you very much.

    I am dealing with this now. I know what mistake I made, lesson learned!!
