My domain got hijacked | Cloudflare Developers | Page 1

vivid ember Nov 3, 2023, 10:30 AM

#

Hello, I have a website on kagyi.net and now it's keep redirecting to a wierd website. I see no change in DNS records. The issue is going on for about a week and how do I fix.

celest hornet Nov 3, 2023, 10:46 AM

#

I think your domain has been expired and other guy bought same domain.

#

@vivid ember Are you Korean?

#

I checked kagyi.net's whois and they said

In March 2023, one of guy has been exchanged your domain to hosting.kr(InterServer) domain system, and this guy is living in Gyeonggi-do state in Korea.

#

Follow this link for more details: https://www.whois.com/whois/kagyi.net
https://tucowsdomains.com/

Whois kagyi.net

Whois Lookup for kagyi.net

Tucows Inc.

Tucows Domains.

Information about Tucows Domain Names

vivid ember Nov 3, 2023, 10:53 AM

#

No it's not expired yet

sand rain Nov 3, 2023, 10:58 AM

#

and you had this domain previously and was working fine but is messed up now ??

thick jewel Nov 3, 2023, 10:59 AM

#

Your website returns HTTP code 301 Moved Permanently with the Location header pointing to the weird website. Maybe your server got infected and now just redirects all requests? I've never had to deal with it myself, but I've heard a lot of stories about people's websites on WordPress getting infected because they used a vulnerable plugin or something like that.

lean sparrow Nov 3, 2023, 11:17 AM

#

Its also possible your Cloudflare account was compromised and used to create a redirect rule https://developers.cloudflare.com/fundamentals/account-and-billing/account-security/securing-a-compromised-account/

Secure compromised account · Cloudflare Fundamentals docs

If you observe suspicious activity within your Cloudflare account, secure your account with these steps.

pallid roost Nov 3, 2023, 11:35 AM

#

@vivid ember try to log into cloudflare, and disable proxy for the DNS. That should/would disable any CF interference.

If you still get the problem with the 301 to another site, then it is most likely your webserver that got compromised.

vivid ember Nov 4, 2023, 9:40 AM

#

pallid roost <@864511366991708161> try to log into cloudflare, and disable proxy for the DNS...

Turning off the proxies solves my problem! Thank u! How does it work and is it a cloudflare issue?

pallid roost Nov 4, 2023, 9:42 AM

#

vivid ember Turning off the proxies solves my problem! Thank u! How does it work and is it a...

If turning off proxy solves your issue, then your Cloudflare account most likely got hijacked OR your Cloudflare DNS points to a no-longer-valid IP for that domain.

First off, change your Cloudflare password - then enable Two-Factor Authentication.

After that, check your DNS settings in Cloudflare - make sure they are aligned with your webserver.

Then, go into page rules and look for a redirect rule - remove any redirect rule that might be causing this problem.

lean sparrow Nov 4, 2023, 9:42 AM

#

Please also reset your API key, there are instructions on the page I sent

pallid roost Nov 4, 2023, 9:43 AM

#

vivid ember Turning off the proxies solves my problem! Thank u! How does it work and is it a...

Also, you would need to have a look at your Page Workers, they might also cause a redirect.

#

Besides Page Rules and Workers, I am not currently aware of any other mechanism that can redirect an entire domain elsewhere, with Cloudflare alone.

lean sparrow Nov 4, 2023, 9:44 AM

#

Bulk Redirects, Redirect Rules, Page Rules, Workers, DNS

#

are the places I would look

#My domain got hijacked