CODEWITHSUNDEEP
phpjavascriptjqueryhtmliframe
David19801
David19801

Reputation: 11448

Prevent iframe stealing

I think someone is stealing my content using an iframe. My website is a forum and a user has just reported them to me.

How can I find their website programmatically (php,JavaScript,jQuery,HTML) if their are others doing this?

Is this allowed on the internet for them to do this and can I take action?

Upvotes: 10

Views: 9033

Answers (6)

Phil C
Phil C

Reputation: 980

You can prevent other websites from framing your data using a Content Security Policy header e.g. frame-ancestors 'none'; will block every website from embedding your content in an iframe on their site https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

Upvotes: 0

Satish Sharma
Satish Sharma

Reputation: 9635

you can use this js code in top of your website (header page)

if (window.top !== window.self) window.top.location.replace(window.self.location.href);

Upvotes: 0

Hussein
Hussein

Reputation: 42818

With JavaScript you can do 

if(window.top==window){
 //not inside iframe
} else {
    if(parent.parent.someFunction){
       parent.parent.someFunction();
    } else {
       alert("framing is not allowed")
    }
}

OR

if (window.top !== window.self) window.top.location.replace(window.self.location.href);

Some modern browsers also support the X-FRAME-OPTIONS header, that can have two values:

* DENY – prevents the page from being rendered if it is contained in a frame
* SAMEORIGIN – same as above, unless the page belongs to the same domain as the top-level frameset holder.

Browsers that support the header:

* IE8 and IE9
* Opera 10.50
* Safari 4
* Chrome 4.1.249.1042
* Firefox with NoScript

Upvotes: 25

jackJoe
jackJoe

Reputation: 11158

Use the same method that I suggested here: How to limit display of iframe from an external site to specific domains only

In a nut shell, you add a PHP script in every page (in your case it will probably be just one, assuming it is a template), this script limits the viewing to one (or more) reffering domains.

This method is better than a javascript method because the users might have it disabled.

Upvotes: 3

user166390
user166390

Reputation:

HTTP access can be blocked to some extend by using an HTTP Referer filter. Access "by host server" can also be monitored through looking at the Referer in the HTTP logs. It's not a perfect solution, but for standard browser access will get you most of the way there. ("No Hot-Linking" setups sometimes work like this.)

For legal action, seek the advice of a lawyer :-) However, my first inclination would be to ask the other site owners to stop. They may just be nice.

Upvotes: 1

JohnP
JohnP

Reputation: 50029

If you can find out who it is you can tell them they can't use your content in that way. If you own website you can dictate how it can be used.

Have a look at framkillers : http://en.wikipedia.org/wiki/Framekiller

This is a technique to stop sites from being shown in iframes. Keep in mind that even framekillers can be killed.

Upvotes: 4

Related Questions