hacking through workers | Cloudflare Developers | Page 1

proper falcon Mar 15, 2025, 2:50 PM

#

Hello,

I am experiencing an issue with my Cloudflare account where suspicious Workers are being created without my authorization. These Workers are deploying a fraudulent captcha on my website. I have deleted them multiple times, but they keep reappearing.

Here’s what I’ve checked so far:

There is only one user in the Members section (me).
There are no tokens in the API Tokens section.
The Activity Log shows entries for Worker creation that I did not perform.

I have already changed my password and ensured that two-factor authentication (2FA) is enabled. However, the issue persists.

Please assist me with:

Blocking unauthorized access to my account.
Removing all suspicious Workers and preventing their re-creation.
Checking if there are any other vulnerabilities in my account.

Thank you in advance for your help!

Best regards

glossy ember Mar 15, 2025, 2:52 PM

#

It sounds like someone has your API key

#

https://developers.cloudflare.com/fundamentals/setup/account/account-security/secure-a-compromised-account/

#

Ensure you do step 2, 3 & 4

proper falcon Mar 15, 2025, 2:55 PM

#

glossy ember It sounds like someone has your API key

Will it be enough to update the keys here?

glossy ember Mar 15, 2025, 2:55 PM

#

yes

#

just your global api key

#hacking through workers