My domain got hijacked
Hello, I have a website on kagyi.net and now it keeps redirecting to a weird website. I see no change in DNS records. The issue has been going on for about a week. How do I fix it?
13 Replies
I think your domain has expired and another guy bought the same domain.
@Kyaw Ko Ko Tun Are you Korean?
I checked kagyi.net's whois and they said
In March 2023, one guy changed your domain over to the hosting.kr (InterServer) domain system, and this guy is living in Gyeonggi-do state in Korea.
Whois kagyi.net
No it's not expired yet
And you had this domain previously and it was working fine, but it is messed up now?
Your website returns HTTP code 301 Moved Permanently with the Location header pointing to the weird website. Maybe your server got infected and now just redirects all requests? I've never had to deal with it myself, but I've heard a lot of stories about people's websites on WordPress getting infected because they used a vulnerable plugin or something like that.
It's also possible your Cloudflare account was compromised and used to create a redirect rule: https://developers.cloudflare.com/fundamentals/account-and-billing/account-security/securing-a-compromised-account/
@Kyaw Ko Ko Tun try to log into Cloudflare, and disable proxy for the DNS. That should/would disable any CF interference.
If you still get the problem with the 301 to another site, then it is most likely your webserver that got compromised.
Turning off the proxies solves my problem! Thank u! How does it work and is it a Cloudflare issue?
If turning off proxy solves your issue, then your Cloudflare account most likely got hijacked OR your Cloudflare DNS points to a no-longer-valid IP for that domain.
First off, change your Cloudflare password - then enable Two-Factor Authentication.
After that, check your DNS settings in Cloudflare - make sure they are aligned with your webserver.
Then, go into page rules and look for a redirect rule - remove any redirect rule that might be causing this problem.
Please also reset your API key, there are instructions on the page I sent
Also, you would need to have a look at your Page Workers, they might also cause a redirect.
Besides Page Rules and Workers, I am not currently aware of any other mechanism that can redirect an entire domain elsewhere, with Cloudflare alone.
Bulk Redirects, Redirect Rules, Page Rules, Workers, DNS are the places I would look
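The proxy-on versus proxy-off comparison used in this thread can be made repeatable. The following is an added example, not code from any poster: it compares a response head captured through Cloudflare with one captured straight from the origin and reports where the off-domain 301 is coming from. The sample responses, the function names and `redirect-target.example` are constructed for illustration.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_head(raw):
    """Return (status, headers) from a raw response head, e.g. `curl -sI` output."""
    lines = raw.strip().replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    status = int(lines[0].split(None, 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def offsite_target(raw, domain):
    """Host that an off-domain redirect points to, or None if there is none."""
    status, headers = parse_head(raw)
    host = (urlsplit(headers.get("location", "")).hostname or "").lower()
    if status not in REDIRECT_CODES or not host:
        return None  # not a redirect, or a relative (same-site) Location
    if host == domain or host.endswith("." + domain):
        return None  # e.g. http -> https or apex -> www on the same domain
    return host

def locate_redirect(via_proxy, direct_origin, domain):
    """Compare the proxied response with one fetched straight from the origin."""
    if offsite_target(direct_origin, domain):
        return "origin"  # the web server itself redirects: inspect server/CMS
    if offsite_target(via_proxy, domain):
        # Only the proxied path redirects: review Bulk Redirects, Redirect
        # Rules, Page Rules, Workers and the IPs the DNS records point to.
        return "cloudflare_or_dns"
    return "clean"

# Constructed samples. A direct capture can be taken with
#   curl -sI --resolve kagyi.net:443:<origin-ip> https://kagyi.net/
VIA_PROXY = ("HTTP/1.1 301 Moved Permanently\r\n"
             "Server: cloudflare\r\n"
             "Location: https://redirect-target.example/\r\n\r\n")
DIRECT_ORIGIN = ("HTTP/1.1 200 OK\r\n"
                 "Server: nginx\r\n"
                 "Content-Type: text/html\r\n\r\n")

if __name__ == "__main__":
    print(locate_redirect(VIA_PROXY, DIRECT_ORIGIN, "kagyi.net"))
```

A `cloudflare_or_dns` verdict does not by itself distinguish a malicious rule from a proxied DNS record pointing at an IP the owner no longer controls, so both need checking.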
There's CVEs for different WordPress plug-ins all the time. It seems like every few days a new plug-in related CVE shows up but idk how accurate that actually is. Either way it's often. People using them definitely want to keep them updated as much as possible.