
Looking for some help. I have someone using domain masking to clone a site belonging to me. I have inserted:

<script type="text/javascript">
// Frame-busting check: comparing top and self is the reliable test.
// The original `parent.frames.length > 0` is also true on a top-level page
// that embeds its own iframes (e.g. a YouTube video), so it can fire wrongly.
if (window.top !== window.self) {
    window.top.location.href = window.self.location.href;
}
</script>

into my own header but it is still managing to pull the content from my site and display it in an iframe. The website I am using is WordPress. I inserted:

Header append X-FRAME-OPTIONS "DENY"

into the .htaccess as well. Neither one is working. Any other way they could be doing this?

Shane12
    You will probably want to read these: https://www.owasp.org/index.php/Clickjacking, https://www.owasp.org/images/0/0e/OWASP_AppSec_Research_2010_Busting_Frame_Busting_by_Rydstedt.pdf – Alexander O'Mara May 09 '15 at 18:52
  • Thanks for the tips. I have read through both of them but aside from what I already have done, they fail to highlight a different method of preventing it. – Shane12 May 09 '15 at 19:34
  • `X-Frames-Options` should work in all modern browsers. If your attempts to use it are not working, you should probably try to debug that. Perhaps your [htaccess rule](https://stackoverflow.com/questions/17092154/x-frame-options-on-apache) is not correct? Or perhaps there is more at play than just an iframe? – Alexander O'Mara May 09 '15 at 19:39
  • I did a header check at http://web-sniffer.net/ and it shows X-FRAME-OPTIONS: DENY on it, so it definitely is being inserted by the .htaccess. – Shane12 May 09 '15 at 20:08
  • Try `if (window!=window.top) { 'hide content, etc'}`; that might be one way to do it. But it won't last for long if they are determined.... – David May 09 '15 at 20:13
  • Yeah, unfortunately I tried that one but it didn't work for me at all. It's really got me stumped. It's definitely done with an iframe. If I access the wp-admin through the masked URL, it redirects to my website's wp-admin. I was trying to figure out a way to insert a redirect or deny their IP, but I have not had any luck in that direction either. – Shane12 May 09 '15 at 20:31
  • Are you sure? Have you tried something like `iframe{display: none;}` in your console? They can copy the HTML/CSS/JS from your site no problem and use that instead of an iframe. – David May 10 '15 at 00:35
  • Using the `iframe{display: none;}` method, the YouTube video on my front page disappears, which I presume means it's successful. However the cloned site still appears, just lacking the YouTube video like mine. It mirrors mine exactly: if I change a letter on my site, the cloned one mirrors it. Any other ideas? – Shane12 May 10 '15 at 10:57
  • `Object moved Object moved to here.` is what I have pulled from their source code. It points to them using ISAPI rewrite rules on their server. I know zero about ISAPI and would appreciate any help anyone has with it and how to stop it. – Shane12 May 10 '15 at 11:43
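As an added example (not code from the question or its comments), here is a browser-side check that covers both situations discussed above: the page being framed, and the page being served under a foreign host by a server-side rewrite, where no iframe exists and X-Frame-Options never applies. The host name `www.example.com` is an assumed placeholder, and the check is only effective while the copier passes the script through unmodified.

```javascript
// Added example, not from the original post. A frame-busting plus
// canonical-host check. The hostname test is what the posted script lacks:
// a reverse proxy / domain-masking rewrite serves the page under another
// host without any iframe, so top/self comparisons and X-Frame-Options
// never fire. CANONICAL_HOST is an assumed placeholder value.
const CANONICAL_HOST = 'www.example.com'; // assumption: replace with the real host

// Decide where the visitor should be sent. `win` is a window-like object
// ({top, self, location: {hostname, href, pathname, search, hash}}) so the
// logic can be unit-tested outside a browser. Returns a URL string, or null
// when no redirect is needed.
function decideRedirect(win, canonicalHost) {
  const loc = win.location;
  // Case 1: the page is inside a frame. Comparing top and self is the
  // correct test; `parent.frames.length > 0` (as in the question) is also
  // true on a top-level page that itself embeds a YouTube iframe.
  if (win.top !== win.self) {
    return loc.href;
  }
  // Case 2: served under a host that is not ours (proxy / domain masking).
  // Rebuild the same path on the canonical host so deep links survive.
  if (loc.hostname.toLowerCase() !== canonicalHost.toLowerCase()) {
    return 'https://' + canonicalHost + loc.pathname + loc.search + loc.hash;
  }
  return null;
}

// Apply the decision in a real browser; replace() keeps the masked page
// out of the visitor's history. Skipped when run outside a browser.
if (typeof window !== 'undefined') {
  const target = decideRedirect(window, CANONICAL_HOST);
  if (target !== null) {
    try {
      window.top.location.replace(target);
    } catch (e) {
      window.location.replace(target); // cross-origin top refused the call
    }
  }
}
```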

1 Answer


Can you identify the source address of the interloper? Unless it's a widely distributed system stealing your content, it sounds like it would be easier to simply block requests from their subnets at the network layer. This may lead to a game of whack-a-mole if they're able to move the process around, but would definitely increase the barrier for them.

Rick Buford