#1 5th Sep 2017 11:17:07

Lord_Chris
Lord Commander
Reputation: 144

From: England, United Kingdom
Registered: 14th Aug 2013
Posts: 2,163
Website

Alert- CloudFlare hacked

Hi everyone,

Early this morning, around 1 AM here in the UK, CloudFlare was hacked and my account was compromised. Unfortunately, the hacker targeted StrongholdNation specifically in my account and setup a 301 permanent redirect from here to a malicious website. It's important to note that CloudFlare is a completely different thing to the site itself, and is only used on the forum/CDN that we have.

The site itself was not hacked. What did happen was an attempt to 'hack by proxy' through an external service, and, to a degree, unfortunately it worked. I've since regained control of the situation, and enabled two-factor authentication on CloudFlare so this cannot happen again. I did this within 10 hours of knowing that the hack took place.

This means that you were only affected if you have visited the site since (to be safe, say Midnight UK time) until around now. If you visited the site in that time, first of all, clear all your browser cache, cookie, history, etc, everything. 301 is a permanent redirect that is cached by the browser. This means that every time you attempt to load any page on the site until caching is cleared, your browser will still attempt to redirect to the malware.

Next, make sure you absolutely run a malware scan on your PC. I'm in the fortunate position of using Malware Bytes Pro, which blocked the malware for me before I was redirected to it. But some of you may have been unfortunate enough to have been redirected to it.

Whatever happens, make sure you run a scan for malware.

Because the CloudFlare account was compromised, I'm going to have to change SSL Certificates, API Keys and other various keys which are associated with it. I doubt that anything else will happen but I want to be absolutely sure that everything is properly secured.

Once again, I must reiterate that the site itself has not been hacked, and everything is normal again.

Offline
  • 1
Users in this topic: 0 guests, 0 registered users

Board footer

Powered by Aura