CD
Cloudflare Developers3w ago
charmander

I see events in Audit log I didn't create

I got an email from CloudFlare telling me my account was accessed from another ip. I changed all passwords and setup 2fa. I checked audit log and I see 10-15 requests made using the API interface yesterday. Of course I didnt do them. Here is a screenshot: Is this normal?
No description
No description
4 Replies
Chaika
Chaika3w ago
Normal. See how it's saying the user was Cloudflare and not you? You'd be generally looking for changes which your user did, when looking for comprimise it's just renewing your workers.dev cert looks like
charmander
charmanderOP3w ago
Phew...but then why did they send me a suspicious activity email at all lol
Chaika
Chaika3w ago
They send you an email that somehow signed in from a new IP, sounds like what you're describing. It doesn't mean they did anything (or maybe just didn't have a chance to do so), but if you didn't recognize the login/ip changing credentials/setting up 2fa is what you should do anyway
charmander
charmanderOP3w ago
All right thank you very much mate!
Want results from more Discord servers?
Add your server