1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How To Protect My Website From an iFrame thieve

Discussion in 'Black Hat SEO' started by drogon, Jul 11, 2012.

  1. drogon

    drogon Elite Member Premium Member

    Joined:
    May 28, 2010
    Messages:
    2,108
    Likes Received:
    1,005
    One of my Wordpress based websites went from no.1 to page 9 today and so one of the checks i made to see why this happened was to copy the first paragrape and paste it into Google. The first result that showed up was another site which appears to have copied my entire site into an iframe and now cached in Google as the more relevant site. I would now like to break the iFrame but not sure what code to enter into the htaccess file or Wordpress itself to break the iframe. Any ideas?

    Thanks.
     
    Last edited: Jul 11, 2012
  2. assphuck

    assphuck Senior Member

    Joined:
    Feb 22, 2009
    Messages:
    1,196
    Likes Received:
    905
    • Thanks Thanks x 1
  3. Lyscer

    Lyscer Junior Member

    Joined:
    Jun 29, 2012
    Messages:
    109
    Likes Received:
    46
    Occupation:
    Software Engineer
    I have seen these types of exploits blocked with JavaScript, this is a quick script I found but haven't tested it out (just to give you an idea):


    function parentIsSameOrigin(){ var result = true; if (window.parent) { result = Boolean ( // more precise modifications needed here window.this.location.href.indexOf(window.parent.location.href) == 0 ); } return result;}
     
    • Thanks Thanks x 1
  4. drogon

    drogon Elite Member Premium Member

    Joined:
    May 28, 2010
    Messages:
    2,108
    Likes Received:
    1,005
    I found this script doing a search online:

    <script type="text/javascript"> if((self.parent&&!(self.parent===self))&& self.parent.frames.length!=0)){self.parent.location=document.location }</script>

    Any good?
     
  5. drogon

    drogon Elite Member Premium Member

    Joined:
    May 28, 2010
    Messages:
    2,108
    Likes Received:
    1,005
    So htaccess would now look like this?

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>


    ## USER IP BANNING
    <Limit GET POST>
    order allow,deny
    deny from xxx.xxx.xxx.xxx
    allow from all
    </Limit>


    # END WordPress
     
  6. wowhaxor

    wowhaxor Executive VIP Premium Member

    Joined:
    Apr 28, 2007
    Messages:
    2,021
    Likes Received:
    3,353
    Location:
    ?¿?
    Home Page:
    Yes use a simple script you can find the code via Google, commonly referred to as "frame breaker" but I'm sure searching for stop iframe or something would get the job done too.
     
    • Thanks Thanks x 1
  7. OriginalEXE

    OriginalEXE Power Member

    Joined:
    Feb 6, 2012
    Messages:
    634
    Likes Received:
    664
    Occupation:
    WordPress developer
    Home Page:
    • Thanks Thanks x 1
  8. drogon

    drogon Elite Member Premium Member

    Joined:
    May 28, 2010
    Messages:
    2,108
    Likes Received:
    1,005
  9. lanbo

    lanbo Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 23, 2009
    Messages:
    3,435
    Likes Received:
    595
    Home Page:
    Try using an iFrame breaker.
     
  10. assphuck

    assphuck Senior Member

    Joined:
    Feb 22, 2009
    Messages:
    1,196
    Likes Received:
    905
    Probably easier to just put this after END Wordpress:

    deny from xxx.xxx.xxx.xxx

    Replace the x's with the offending sites IP address.
     
  11. ezines

    ezines Power Member

    Joined:
    Jan 3, 2011
    Messages:
    712
    Likes Received:
    216
    Occupation:
    Online/Offline
    Location:
    Somewhere On Earth
    This is also my problem while I'm writing this reply. Hopefully, the suggestion here could solve the issues.