How to let cloudflare know i own the server someone else's dns is pointing to
Not going to put the actual domain here (mine and the other person's) as the other guy didnt even use cloudflare proxy just normal dns.
But I just purchased a dedicated server for my own personal use, and i had setup a nginx reverse proxy at the front of my machine and its access has mentioned that this domain was reaching my servers and requesting for specific php pages. A quick dns lookup shows that it has it dns recorded pointed to my ip and the dns is provided by cloudflare. Is there anyway to report this to cloudflare and either contact the owner of that domain or disable that dns record?
18 Replies
if the user who's pointing their domain at your server was using the cloudflare proxy then this would just cause error 1014.
as for unproxied records i doubt there's anything you can do. time to secure your server.
also,
requesting for specific php pages ??bot-noise
There are always bots lurking around in the web. They knock on every domain, IP address, and port constantly looking for security holes.
Most of them are rudimentary and try all exploits randomly, including ones for applications unrelated to your project, such as Wordpress or PHP.
These bots learn about your domains (including
.workers.dev and .pages.dev) near-instantly using Certificate Transparency logs, which cannot be disabled and are always issued (even on non-Cloudflare platforms).
Some options to help reduce the noise from these bots:
- Disable .workers.dev
- Redirect .pages.dev
- Enable Managed Rulesets (requires Pro plan or above)btw is this page about disabling worker dev still correct?
https://developers.cloudflare.com/workers/configuration/routing/workers-dev/#disabling-workersdev
i do not see an overview page let alone a domains and routes page
Cloudflare Docs
workers.dev · Cloudflare Workers docs
Cloudflare Workers accounts come with a workers.dev subdomain that is configurable in the Cloudflare dashboard. Your workers.dev subdomain allows you getting started quickly by deploying Workers without first onboarding your custom domain to Cloudflare.
try it and see?
:akarishrug:
should i send ss?
no you should try it and see
i can find the described dashboard features
or i dont think i have a worker in the first place lol
that might be worth checking
as for transparency logs does it include a specific hostname list of my domain or is it only hey this domain exist
talking about certificate transparency?
yes
e.g
can i report the unproxied record to cloudflare abuse email
no, it's not against any rule to add a random servers ip address in your dns records
as for php page i think those are genuine request as in a wayback machine it seems like the old page is using php and the request is from an iphone (could be false tho)
refer to this please
and request platforms can be spoofed (...)
btw just an additional question which cert does mtls from cloudflare use, i dont mind a shared cert but not sure which one i should config to accept
talking about mtls by host?
cf will verify the cert. if you enable it for a certain host. as for issuing you can either use cloudflare issued certificates or provide your own key and csr