CODEWITHSUNDEEP
wordpresssecurityspam
Farbod Ghiasi
Farbod Ghiasi

Reputation: 55

A spam site is forwarding my site and showing add at the end of it

I made a new website with Wordpress which is http://drfarzin.net I randomly was googling my site that i saw another domain is presenting my site http://upciran.ir/web/aHR0cDovL2RyZmFyemluLm5ldC8=! plus it has an advertisement at the end of it. here is the steps i did to prevent this spam but it didn't succeed:

  1. saw my log file while requesting to http://upciran.ir/web/aHR0cDovL2RyZmFyemluLm5ldC8= which was {5.78.123.116, 162.158.89.204 - -
    [08/Apr/2016:04:32:46 -0400] "GET / HTTP/1.1" 200 39199 "http://upciran.ir/web/aHR0cDovL2RyZmFyemluLm5ldC8=" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36" - - -
    [08/Apr/2016:04:32:46 -0400] "GET / HTTP/1.0" 200 25733 "-" "-" 5.78.123.116, 162.158.89.204 - -
    [08/Apr/2016:04:32:47 -0400] "GET /wp-admin/admin.php?page=stats&noheader&proxy&chart=admin-bar-hours-scale-2x HTTP/1.1" 200 613 "http://drfarzin.net/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36" }
  2. pinging http://upciran.ir/web/aHR0cDovL2RyZmFyemluLm5ldC8= then block its ip in cloudflare and wordfence (wordpress plugin)

**the odd part that i dont undrestand is while you brows in to http://upciran.ir/web/aHR0cDovL2RyZmFyemluLm5ldC8= , its url will not be changed **

Upvotes: 0

Views: 146

Answers (1)

Apeiron
Apeiron

Reputation: 1971

It's loaded from iframe...

You cannot check it from the server's side, but you can use javascript to detect it after the page has loaded. Compare top and self, if they're not identical, you are in a frame.

Additionally, some modern browsers respect the X-FRAME-OPTIONS header, that can have two values:

DENY – prevents the page from being rendered if it is contained in a frame SAMEORIGIN – same as above, unless the page belongs to the same domain as the top-level frameset holder. Users include Google's Picasa, that cannot be embedded in a frame.

Browsers that support the header, with the minimum version:

IE8 and IE9 Opera 10.50 Safari 4 Chrome 4.1.249.1042 Firefox 3.6.9 (older versions with NoScript)

EXAMPLE:

if(top!=self){
        top.location.replace(document.location);
        alert("For security reasons, framing is not allowed; click OK to remove the frames.")
    }

Upvotes: 2

Related Questions