hacking through workers
Hello,
I am experiencing an issue with my Cloudflare account where suspicious Workers are being created without my authorization. These Workers are deploying a fraudulent captcha on my website. I have deleted them multiple times, but they keep reappearing.
Here’s what I’ve checked so far:
- There is only one user in the Members section (me).
- There are no tokens in the API Tokens section.
- The Activity Log shows entries for Worker creation that I did not perform.
I have already changed my password and ensured that two-factor authentication (2FA) is enabled. However, the issue persists.
Please assist me with:
1. Blocking unauthorized access to my account.
2. Removing all suspicious Workers and preventing their re-creation.
3. Checking if there are any other vulnerabilities in my account.
Thank you in advance for your help!
Best regards
4 Replies
It sounds like someone has your API key
https://developers.cloudflare.com/fundamentals/setup/account/account-security/secure-a-compromised-account/
Ensure you do step 2, 3 & 4
Will it be enough to update the keys here?
yes
just your global api key
Tbh, it is worth checking where are you putting your keys on to have them leaked