One of my sites started showing a fake “Cloudflare human verification” page asking visitors to press Windows + R, then Ctrl + V, then Enter. The clipboard contained a suspicious command using cmd / rundll32, so it was clearly not a real Cloudflare challenge.

At first I thought the problem was on the website/server side: WordPress, plugins, theme, .htaccess, injected JavaScript, cache, etc.

But after checking, the origin server looked clean.

The real issue was inside Cloudflare.

In my Cloudflare dashboard I found an unknown Worker named something like:

holy-recip-aeba

It had been attached to multiple domains through Worker Routes.

In the Cloudflare Audit Log I found the full sequence:

• LOGIN success from suspicious IP
• Create Token: "Cloudflare Agent (auto-generated)"
• Upload Worker Module
• Create Worker Routes on several domains

The Worker was then injecting the fake Cloudflare / ClickFix page before the request reached users.

So in my case, this was not caused by WordPress, not by the hosting server, and not by Cloudflare itself intentionally. It was an unauthorized Cloudflare Worker created after the account was compromised.

What I did to fix it:

• Removed all Worker Routes linked to the unknown Worker.
• Deleted the malicious Worker.
• Purged Cloudflare cache on all affected domains.
• Changed my Cloudflare password.
• Enabled 2FA.
• Regenerated the Global API Key.
• Checked and removed suspicious API tokens.
• Reviewed Audit Logs for login, token creation, Worker upload, and route creation events.
• Checked Google/Gmail security and local PC/browser extensions.

My advice: if you ever see a fake Cloudflare CAPTCHA asking users to run commands with Win + R, don’t only scan WordPress. Also check:

• Cloudflare → Workers & Pages
• Cloudflare → Worker Routes
• Cloudflare → Audit Log
• Cloudflare → API Tokens
• Cloudflare → Global API Key
• Cloudflare → Account Members

This type of attack can make a clean site look infected because the malicious code is injected at the Cloudflare edge.

Hope this helps someone.

After learning to use the Cloudflare app on the Android, I discovered warp-cli for Linux. After going through a pretty simple install process, I'm happily using it all the time on my LXDE desktop.

One awesome feature is that after getting everything setup, it maintains its status across reboots. Most of the time, I leave it in warp mode.

When I want to watch Hulu, which is notorious for detecting VPN activity, I execute this command:

warp-cli mode doh

and then I watch Hulu. Afterwards, I execute this command:

warp-cli mode warp

which reestablishes the encrypted tunnel.

Hello ! I had a 6 rounds interview with cloudflare regarding a solutions engineer role, i did the RH screening , the hiring manager interview, the take home tasks, the technical , the orange cloud round and finally a role play. the last round was last week . do you have an idea when will i get response ? and how likely will i get hired ? thank youu

Hi all. I LOVE CloudFlare and all it does.

I have it installed on a 10yr old MacBook Air that I use when traveling, because my wonderful sling bag will fit it. Apple stopped making the 11" Air, and I'm kinda stuck with it.

Sadly I blithely accepted the usual CF update today, and got a message back that I can no longer use CF because my OS is too old, and no longer supported. Bummer!

Is there any way to revert back to an older version and keep using it?

Thanks for any advice.

EDIT: Ah, apparently I know nothing about CF. I'm talking about using CF Warp, 1.1.1.1. It's a nice little safety net for me, that's all. Sorry if my post didn't make a lot of sense to you power users! 😉

My domain is currently using GoDaddy Nameservers. I'm considering pointing my Nameservers to Cloudflare and copying my DNS records over. Are there any downsides in doing so?

I plan on exporting my current DNS records from GoDaddy and importing them over to Cloudflare. I'm a beginner, so if there are any 'gotchas' that I should be aware of, I'd appreciate the tips. Thanks!

Tl;dr: Cloudflare laid off much of their Community team and then unexpectedly disbanded the Community Champions program (Discord moderation and early feedback group), leaving the Cloudflare Discord server effectively unmoderated and without the very folks who gave years of their free time to help the community. We’ve decided to create a new unofficial home for Cloudflare users on Discord, a space run by the community, for the community: https://discord.gg/TrPNVKaagR

During the unexpected recent layoffs at Cloudflare, folks involved in leading community efforts unfortunately lost their jobs. This left us (the Community Champions) in an odd spot where we were looking after Cloudflare's own Discord server while having no direct community contacts at Cloudflare. You may have seen many of us in Discord before - we had the green names!

This week, we then received an unexpected message letting us know that, effective almost immediately, the Community Champions program was being disbanded, and our volunteer assistance in the server (moderating the place 24/7 and providing support to Cloudflare’s users) was no longer needed. No real explanation was given as to why, just that it is happening and that the decision had already been made.

The Community Champions program has operated since very early 2021, and has become a staple in Cloudflare’s developer ecosystem, support offerings, and more. Countless users are sent by Cloudflare’s own support team or via product dashboards to the Discord server every single day, and in the vast majority of cases, support for products was offered by a Community Champion purely out of joy and love for the community and Cloudflare.

This news has resulted in many active folks leaving the server already, both community and employees. Therefore, we’re announcing a new unofficial Orange Cloud Discord server, where folks can engage with the same folks who have always helped them, get support for Cloudflare products, and which will be moderated and run by humans who care. Join the server today: https://discord.gg/TrPNVKaagR

---

FAQ

We’ll try to keep this updated as common questions arise in the comments on this post.

What will happen with the old “official” server?

At this point, we don’t know, and it doesn’t seem that Cloudflare does either. There are currently discussions around rebooting it later this summer, but in the meantime, we expect it to be quickly overrun with spam, scams, or worse content now that there’s no longer any active and dedicated moderation team, and the few active employees who were providing support have mostly left. This has already started to happen in the couple of days the server has been unmoderated. We’ve also seen those at Cloudflare who now hold moderation powers unfairly removing negative messages about Cloudflare’s products and decisions (as well as the users posting them), including this very change, which leaves us concerned about the future of open discussion and feedback there.

Why should we believe what you’re saying vs. Cloudflare?

Consider that we are a group of friends who have volunteered our free time over the last many years to help the community, and that Cloudflare is a publicly traded corporation with an image and bottom line to protect. We anticipate that Cloudflare may try to spin their own narrative on what has happened with us posting this, and recognise that this may cause some confusion for the community. While we don’t think what Cloudflare has done is the right move, we don’t want to burn bridges and trust that we don’t need to, so we intend to keep the conversations involved here private if we can. That being said, rest assured that we do have plenty of receipts for what we’ve said Cloudflare has done in this post (including suppressing negative messages from users and outright banning users posting those), and we will share these if we decide it is necessary to preserve the true narrative.

Can I still get support from Cloudflare directly in the new server?

This is unclear. Activity from Cloudflare employees even in the official server is few and far between, with most support coming from the community directly. While there are some Cloudflare employees already in the server, they’re not there in any official capacity, and in time, we hope that many other Cloudflare folks can find a home in the new server.

What happened to the XYZ channel?

One of the issues in the official server that we would raise regularly was the sheer number of channels that ended up abandoned by their product teams. To combat this, we’re starting small but centralising on a few product categories, and will evaluate and increase the number of channels over time as needed.

Can issues still be escalated from the Discord?

In the old server, we had a direct tap to many of Cloudflare’s customer support and engineering folks, including multiple custom integrations allowing us to quickly escalate issues to the right folks. Many of those folks lost their jobs or have left the server after the recent news.

However, lots of us still have very good friends at Cloudflare, and other methods of escalation that we’ll use as needed should issues arise that can’t be solved in the community. We’re confident resolution times won’t be any slower than they currently are.

Will Cloudflare still (officially) use this subreddit?

This subreddit has always been community-moderated, much like the Discord (though unlike the previous Discord server, the community runs the subreddit and holds ownership of it). There are some Cloudflare employees present here, and sometimes you’ll see a response from an executive when a post gets a lot of public attention, but moderation from employees has always been near-zero.

We have no current intentions to remove anyone at Cloudflare from the subreddit - we want to continue collaborating with them to benefit the community, and their integrations for blog posts and things should continue to work without issue.

I'm building a project that has users uploading images and want to use Cloudflare infrastructure for this. The pricing on it is good. However, I can't quite figure out this pipeline.

Cloudflare Images + Transformations seems to be an account-level situation. Media gets all mixed up in one gigant bucket from all of the projects in my account that are leveraging this. Keys are also at an acount level. If I have media coming in from two different projects, I have no way of knowing which ones belong to which project.

The second option I presume is leveraging R2 and putting something in front to transform incoming images. Does Cloudflare offer image transformation for R2 buckets? I can't find anything. I could sure use the free egress, but I don't want to serve up a 3 MB image for a 200x200 profile picture.

Any other options that are cheap and do what CF does? (ie. transform, store, edge caching, free egress)

My Goal:

I want my wife’s phone to use a single server URL in her app (e.g., audiobooks.mydomain.com) at all times. I don't want her to have to switch servers in the app manually.

• Away from home: It should route through the Cloudflare Tunnel so she can stream her books.
• At home: It should route entirely over our local Wi-Fi so she can bulk-download large audiobooks at gigabit speeds without piping gigabytes of raw media files through the free tier tunnel, keeping me completely safe from getting banned by Cloudflare for high media bandwidth.

The Plan (and the IPv4 / IPv6 Hurdle):

To achieve this, I am planning to implement Split-Brain DNS using my local AdGuard Home instance to intercept audiobooks.mydomain.com internally and point it straight to my server's local IPv4 address (e.g., 192.168.1.50).

However, my server is strictly IPv4-only (IPv6 is enabled on my local LAN however), but our cellular carriers use native IPv6.

I'm worried about a specific caching/fallback scenario: When my wife walks back into the house and her phone reconnects to the local Wi-Fi, it will query AdGuard Home and get the local IPv4 address. But because smartphones aggressively prefer IPv6, I am concerned the phone might try to reuse a cached public IPv6 address it received while on cellular data or bypass the local IPv4 override entirely to hit Cloudflare's public edge network anyway.

My Questions for the Community:

1. Is my concern about the phone bypassing the local IPv4 DNS override via a cached public IPv6 AAAA record valid?
2. If I add a custom filtering rule in AdGuard Home to completely block/nullify IPv6 queries for that specific domain (e.g., ||audiobooks.mydomain.com^$v6), will that successfully force her phone to drop back to the local IPv4 address while at home?
3. For those running Audiobookshelf or similar low-bandwidth audio services through Tunnels, is the trickle-bandwidth from streaming a single book small enough that Cloudflare doesn't care, or is the Split-Brain DNS approach strictly necessary to protect my account during bulk-sync downloads?

Appreciate any insight, configurations, or advice you guys have!

Sorry for having to use AI to write this but if I wrote it, you probably wouldn't have any idea what I was asking as I tend to ramble, but this is the gist of what I'm trying to figure out.

It was on a movie piracy site, so I'm not surprised, but this isn't actually CloudFlare, right? And no, I didn't hit enter.

https://preview.redd.it/yolscsmal82h1.png?width=295&format=png&auto=webp&s=a3a835cc1f35a8ff524bacf4c00a5438380229e2

https://preview.redd.it/p59n47ncl82h1.png?width=697&format=png&auto=webp&s=74cadc7c1460bb940b9d471580f98c94ee0f4a16

do Cloudfare think we won't just Task Manager it? Why makes it inconvenient for users?

Hi everyone,

I'm running into a bizarre NXDOMAIN issue with my new domain and Firebase Hosting, and I'm completely stuck.

Here is my current setup and what I've verified so far:

1. Domain Registrar & DNS: Purchased directly via Cloudflare.

2. Hosting: Firebase Hosting.

3. Proxy Status: Set to DNS Only (Grey cloud) on Cloudflare for both root (@) and www A records.

4. Firebase Status: Shows as "Connected" (Green) in the Firebase Console.

5. DNSSEC: Completely Disabled on Cloudflare.

6. Email Verification: Fully verified ICANN registrant email immediately after purchasing the domain (Status is Active on Cloudflare).

When I try to access; however,[https://example.com](https://example.com) or [https://www.example.com](https://www.example.com) on any browser, I get DNS_PROBE_FINISHED_NXDOMAIN.

I also tested

1. Tried multiple devices, including mobile data (cellular) and different computers, but they all return NXDOMAIN.
2. When I run nslookup example.com 8.8.8.8 (or 1.1.1.1), it successfully returns the correct Firebase IP (123.45.67.89).
3. No typos in the Cloudflare DNS settings or the Firebase Console.

If nslookup can resolve the IP globally, why are browsers still throwing an NXDOMAIN error across different networks? Could this be an ongoing SSL propagation issue on Firebase’s end masquerading as a DNS error, or am I missing something specific to Cloudflare-purchased domains?

Any insights or advice would be greatly appreciated. Thank you!

Long story short, I've had enough of the absolutely abysmal Cloudfare turnstile that every bloody website seem to be using. It has wasted in total hours and hours of my time. What happened to the good old "click car picture" Captchas?

WHY IS LITERALLY EVERY WEBSITE I AM ON USING A F***ING CLOUDFARE CAPTCHA?

Literally every day, I have to go through the sweaty process of switching between different WIFIs and different browsers to get it to work. Most of the times the Captcha won't work on my personal WIFI without VPN, and I LITERALLY have to switch between two different VPNs to have a possibility of it working. And no, I'm not doing resource heavy stuff, nor am I doing shady stuff. I am merely reading blogs, downloading game mods, and searching for info online.

It gets SO TEDIOUS AND ABSOLUTELY DEPRESSING to waste my time on the turnstile for literally tens of minutes every single time I open any of these websites. NONE OF THE TIMES have the captcha completed as fast as the speed advertised by Cloudflare.

WTF do you mean "Verify I am human"? How does clicking a bloody button make me human? They could've at least built a fallback option to use image verification, but NO. They decided to force the captcha to load again and again and again until it completes.

So far, I've tried: using different reputable VPN services, not using VPN, clearing cookies, switching browser, restarting PC, and NONE fixes this problem.

Rant over. I really miss the old days when most of the sites had HCaptcha.