Toot

Written by Nicolas Dandrimont on 2025-01-24 at 21:12

Any advice/experience on reporting abuse to #Cloudflare?

Specifically looking for how to report someone who used Cloudflare to provide #DNS for a domain that got hijacked at the registrar. Any options I can pick on the CF abuse report form seem awfully far from this kind of abuse.

(Also, I guess you should take this as a reminder to turn on 2FA on all the accounts that have access to DNS settings at your registrar)

(And while I'm here, one more reason to hate #Gandi: they now make you pay 50 EUR / year of protection money to let you force 2FA on DNS setup changes)

Descendants

Written by Ryan Bolger on 2025-01-24 at 21:31

@olasd I’d focus on the hosting provider for the malicious content rather than the DNS provider. If Cloudflare is also the content host because they’re using it as a reverse proxy, focus the report on that angle. Hosting a DNS zone for a domain you don’t own is not inherently abuse. There are all sorts of benign reasons people do it. The only reason it matters in this case is because of the hijacked registrar account. But Cloudflare can’t do anything about that.

Written by Nicolas Dandrimont on 2025-01-24 at 21:52

@rmbolger thanks. Indeed there are many legitimate reasons to host DNS for a third party, though they might not like that their service was used by a hijacker. They probably don't care.

I have to say that I focused on recovering the domains rather than collecting evidence, so the only two crumbs of evidence I have are:

(I assume the hijacker intended to use CF to reverse-proxy its stuff anyway)

Written by Ryan Bolger on 2025-01-24 at 22:10

@olasd On the cert front, I think it should be possible to forcefully revoke any certs that were provisioned once you have control of the authoritative DNS again. I'm not exactly sure how to do that for Cloudflare-issued certs though.

Proxy Information
Original URL
gemini://mastogem.picasoft.net/thread/113885391730499980