
Topic: CloudFlare has been hacked. FALSE ALARM (Read 676 times)

legendary
Activity: 2296
Merit: 1014
April 02, 2014, 02:49:35 PM
#6
A false alarm is another kind of alarm to consider.
I mean, you never know.
hero member
Activity: 938
Merit: 502
April 02, 2014, 02:21:45 PM
#5

Here is a screenshot of the notification they logged in as me.

http://imgur.com/4R1w7pv

CloudFlare owns that IP address. So either CloudFlare has been hacked, or CloudFlare is logging into services they protect to steal coins.

There's no other explanation.

Might be a false alarm, but that doesn't explain this, unless CloudFlare is issuing these shitty certificates, which means that somebody within CloudFlare could potentially exploit related vulnerabilities.
legendary
Activity: 1498
Merit: 1000
April 02, 2014, 01:05:51 AM
#4
This is exactly why I would never use CloudFlare; there are better ways to handle DDoSes.
newbie
Activity: 25
Merit: 0
April 02, 2014, 01:04:27 AM
#3
Everybody hold up. I might be wrong. I'm noticing things that aren't adding up. I logged in to see if the password had been changed, and if they changed the payment address, and neither had. Then I checked the IP address the login was assigned. Give me a few. It sent me a login notification with another CloudFlare IP when I logged in. I'm getting a feeling this might have been seriously delayed SMTP mail. Like someone just restarted sendmail and a bunch of old mail got sent out.
hero member
Activity: 938
Merit: 502
April 02, 2014, 01:00:58 AM
#2
Just saw this. Pulled my account to cold storage on my private-keyed accounts.
newbie
Activity: 25
Merit: 0
April 02, 2014, 12:49:31 AM
#1
Ok, false alarm. I just got a bunch of delayed payout notifications, and they match amounts that I had sent to my address on the blockchain. Someone must have restarted a dead SMTP server and a bunch of old mail got sent out. It's looking like some sites using CloudFlare are rewriting all IP addresses for incoming traffic also. So you'll never see your own IP address if you have login notifications enabled.

Sorry if this freaked anyone out.
 



Here is the IP address that just logged in as me to an EMC2 pool:

http://dazzlepod.com/ip/173.245.55.67/ Clearly owned by CloudFlare. CloudFlare is a service used by lots of altcoin mining and exchanges to protect against DDoS.

Here is a screenshot of the notification they logged in as me.

http://imgur.com/4R1w7pv

CloudFlare owns that IP address. So either CloudFlare has been hacked, or CloudFlare is logging into services they protect to steal coins.

There's no other explanation.
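Added example, not part of the thread or of any pool's code: a site behind a reverse proxy sees the proxy's address as the TCP peer, which is why the login notification above showed a CloudFlare IP. The sketch below picks the address to record for a login, trusting the `CF-Connecting-IP` header only when the peer is inside a known proxy range. The function names, the one-entry range list and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: partial, illustrative list. 173.245.48.0/20 covers the address
# quoted in the thread; a real deployment loads the provider's full published list.
TRUSTED_PROXY_NETS = [ipaddress.ip_network("173.245.48.0/20")]


def is_trusted_proxy(peer_ip):
    """True if the TCP peer address belongs to a trusted proxy range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXY_NETS)


def client_ip_for_notification(peer_ip, headers):
    """Return (ip, source) to record in a login notification.

    source is "peer" (direct connection, header ignored), "header"
    (proxy-supplied client address) or "proxy-unresolved" (came through
    the proxy but no usable header, so only the proxy IP is known).
    """
    if not is_trusted_proxy(peer_ip):
        # Anyone can send this header; ignore it on direct connections.
        return peer_ip, "peer"
    lowered = {k.lower(): v for k, v in headers.items()}
    claimed = lowered.get("cf-connecting-ip", "").strip()
    try:
        return str(ipaddress.ip_address(claimed)), "header"
    except ValueError:
        return peer_ip, "proxy-unresolved"


if __name__ == "__main__":
    # Constructed sample requests: (peer address, request headers)
    samples = [
        ("173.245.55.67", {"CF-Connecting-IP": "203.0.113.9"}),
        ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.9"}),
        ("173.245.55.67", {}),
    ]
    for peer, hdrs in samples:
        print(peer, "->", client_ip_for_notification(peer, hdrs))
```

A notification that reports the "proxy-unresolved" case as such, instead of presenting the proxy address as the login source, avoids the confusion described in this thread.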