Hate to admit it, but I had several domains get semi-hijacked using a cloudflare(esq?) technique, it went like this...
registered a bunch of domain names, had my registrar auto set to make all new registered domains auto point to cloudflare..
some months later I found that a domain was pulling up some shady site..
So I never went into my cloudflare account and added the domains there, but the dns from uniregistry was pointing to alex.cloudflare.. and so sneaky perps I assume created a CF account and added my domain name there and then pointed it to their server..
I reported this - never heard back. found the issue with another domain, reported it, never heard back.. got busy.. found another domain name that had the same 'exploit', running through CF... didn't bother reporting it.
No longer auto-pointing to cloudflare for new domains.
Actually no longer pointing any new domains to CF but that's other reasons.
Neat to see how people find ways of exploiting weird misconfigs, I gave them major props for pulling it off, and gave CF non-props for not responding with 'we found person X who was pointing your domain without permission, and found all associated..' whatever.
> I reported this - never heard back. found the issue with another domain, reported it, never heard back.. got busy.. found another domain name that had the same 'exploit', running through CF
To me this indicates it may have been a widespread problem. Really calls into question this hypothesis and the categorization of it being an "edge case":
>At this point, it would take upwards of 450 Cloudflare accounts to get an account that matches one of your specific vulnerable domain's nameservers. Additionally, in my experience, there is only around a 10% chance of success even if the nameservers assigned to your account match the domain. While this is a far cry from the theoretical 200,000 accounts previously believed necessary, that's still a lot of work to perform a targeted takeover.
*https://github.com/indianajson/can-i-take-over-dns/issues/10
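An added example, not part of either comment above: an audit that compares the nameservers set at the registrar with the zones that actually exist in your own Cloudflare account, flagging the situation the first comment describes (delegated to Cloudflare, never added to the account). The domain names, nameserver names and the two inventory dictionaries are constructed sample data; in practice they would come from your registrar and Cloudflare exports.

```python
CF_SUFFIX = ".ns.cloudflare.com"  # suffix of Cloudflare-assigned nameserver names

def norm(host):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return host.strip().lower().rstrip(".")

def audit_delegations(delegations, account_zones):
    """Classify each domain you own.

    delegations:   {domain: [NS names set at the registrar]}
    account_zones: {domain: [NS names assigned to that zone in YOUR account]}
    """
    zones = {norm(d): {norm(n) for n in ns} for d, ns in account_zones.items()}
    report = {}
    for domain, ns_list in delegations.items():
        d = norm(domain)
        cf_ns = {norm(n) for n in ns_list if norm(n).endswith(CF_SUFFIX)}
        if not cf_ns:
            report[d] = "not-cloudflare"
        elif d not in zones:
            # Delegated to Cloudflare but no zone in our account:
            # the delegation is dangling and must be removed or claimed.
            report[d] = "dangling"
        elif cf_ns != zones[d]:
            # Zone exists, but the registrar points at a different NS pair
            # than the one assigned to our zone.
            report[d] = "ns-mismatch"
        else:
            report[d] = "ok"
    return report

# Constructed sample inventory (not real data).
SAMPLE_DELEGATIONS = {
    "parked-one.example": ["ADA.ns.cloudflare.com.", "bob.ns.cloudflare.com."],
    "live-site.example": ["ada.ns.cloudflare.com", "bob.ns.cloudflare.com"],
    "moved.example": ["cat.ns.cloudflare.com", "dan.ns.cloudflare.com"],
    "elsewhere.example": ["ns1.dns-host.example", "ns2.dns-host.example"],
}
SAMPLE_ACCOUNT_ZONES = {
    "live-site.example": ["ada.ns.cloudflare.com", "bob.ns.cloudflare.com"],
    "moved.example": ["ada.ns.cloudflare.com", "bob.ns.cloudflare.com"],
}

if __name__ == "__main__":
    for name, status in audit_delegations(SAMPLE_DELEGATIONS, SAMPLE_ACCOUNT_ZONES).items():
        print(f"{status:15} {name}")
```

Anything reported as `dangling` or `ns-mismatch` should either be added to your account and verified, or have its delegation changed at the registrar.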