Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.
MariaBuy Hostmaria Deal

Beware of Subdomain Takeovers


Level 4
Legacy Platinum Member
Aug 24, 2007
Reaction score
Feedback: 3 / 0 / 0
Through DNProtect, we were just alerted to a 'scary' type of loophole in CloudFlare's service.

So here is how this security loophole is taken advantage of by scammers:

Someone decides to use Cloudflare. They open up an account (there are free and paid accounts). They point their domain names to the CF name servers. That's a requirement. But then the person forgets to add the domain name to their CF account. So, the domain is pointed to the CF name servers but is in "limbo" because it is not added to the account at Cloudflare. Or, they delete the domain name from the CF account but forget to change the name servers at the domain registrar. Either way, the domain is pointed but not associated with an account.

So, the 'scammer' looks through publicly available lists (usually DNS checkers, etc.) of domain names pointing to the CF name servers. They grab the list, then import the list of domain names to their Cloudflare account. Domain names that are pointed to the CF name servers but not associated with an account are then added to the scammer's account. The scammer then can see which domains were added to THEIR account, and even though they have NO control over the domain, they have control over the DNS and they can point the domain anywhere they want. They steal the traffic, can get all the emails, anything they want to do with the DNS of the domain.

So, to protect yourself, if you point your domain name to a certain name server, make sure that you have control over the DNS at the name server. So, if you point your domain to Cloudflare's name servers, make sure you add that domain to your Cloudflare account; or someone else may add it to their account.

This just happened to someone recently and we were notified about it. They pointed several of their domains to Cloudflare's name servers but forgot to add the domain to their CF account. So, someone else added to THEIR account, stealing all their traffic and taking over the DNS for their domains. In this case, the 'thief' didn't even have to have access to their domain, didn't have to hack their domain registrar account, etc..


Level 5
Legacy Platinum Member
Aug 21, 2002
Reaction score
Feedback: 9 / 2 / 1
Great advice. This happened to me a few years ago. I couldn't figure out how it was happening back then. lol.


Level 5
Legacy Exclusive Member
Sep 15, 2009
Reaction score
Feedback: 68 / 0 / 0
This advice is also applicable to parking.

If you're buying a domain name because of its parking income, or not, it may be parked and in the precious owner's account. Update the name servers to your preferred parking company or ensure that you add it to your account at the present company or you will not make money from that domain.

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Premium Members

Be a Squirrel

New Threads

Our Mods' Businesses

Photo Video Editing

*the exceptional businesses of our esteemed moderators

Top Bottom