-2

I found 3 websites that are iframing my website. At first I thought they just copied my theme and are scraping my content. But when I edit my homepage their homepage also changes too automatically.

How can I prevent them from iframing my website. They are using up my server resources and ranking on google also.

What I did so far. (to some extend hindered them from showing my website) I enabled "Under Attack Mode" on cloudflare which is showing "Checking your browser" repeatedly (https://i.stack.imgur.com/cVAAQ.jpg).

Ibu
  • 42,752
  • 13
  • 76
  • 103
James Lee
  • 7
  • 3
  • 2
    This questions turns out not to be about iframes. – Ibu Oct 18 '18 at 21:49
  • @Ibu I'm curious to know what it's really about then; can you shed some light on this for me please? I casted the 3rd reopen vote, so I'm hoping to see what others have to say. The OP might even want to elaborate on this. Edit: the question's unclear for me. – Funk Forty Niner Oct 18 '18 at 22:01
  • To the best of my knowledge, other website are replicating the page via `file_get_contents`. A simple javascript redirect should do the job. – Ibu Oct 18 '18 at 22:07
  • @Ibu you were right. Stupid me I had 'allow_url_fopen' set to on. edit: Exactly that didn't work. – James Lee Oct 18 '18 at 22:16
  • `` the fake site didn't redirect to my site when I used that code. It just redirects to its self repeatedly. Its has if its automatically omitting my my domain and replacing it with their own. edit: that's precisely what they are doing. I added this `Checking if this changes: https://www.animerhino.com/` in my index. When I visit their page my domain change to theirs. – James Lee Oct 18 '18 at 22:32

1 Answers1

2

Although there are some iframe buster scripts, you'll be better off adding the X-Frame-Options header to your responses:

X-Frame-Options: deny 
X-Frame-Options: sameorigin 
X-Frame-Options: allow-from https://example.com/

When the browser see's these headers, it will stop from loading your website if it was requested from an iframe.

Update

After better explanation of the problem, this problem can be solved by adding a javascript redirect. 

 if (window.top.location.href.indexOf("original-website.com") !== -1){
      window.location.href = "http://original-website.com"
 }
Ibu
  • 42,752
  • 13
  • 76
  • 103
  • Hello, Thanks for your reply. Unfortunately that didn't work for me. Perhaps they are not using iframe to imitate my website. – James Lee Oct 18 '18 at 21:36
  • How did you check if they are using an iframe or not? – Ibu Oct 18 '18 at 21:40
  • I didn't I just assumed they were. If you expect they are using some other kind of "trick" to pull this off. I'm all ears. – James Lee Oct 18 '18 at 21:46
  • To know if they are using iframe, just check the page source and you'll see an iframe. If they are displaying your page in realtime, check your server logs as you make a request to their website, you should see them making a sub request. – Ibu Oct 18 '18 at 21:48
  • Am on shared hosting so I can't check the logs. But they are showing my page in real time (http://scofieldinsuranceconsulting.com/) thats one of the site that are imitating my website. – James Lee Oct 18 '18 at 21:57
  • If they are simply mirroring your website, I added a script to redirect back to your website – Ibu Oct 18 '18 at 22:12
  • ` if (window.top.location.href.indexOf("original-website.com") !== -1){ window.location.href = "http://original-website.com" }` the fake site didn't change my domain name when I checked the page source code. But it doesn't redirect to my domain. – James Lee Oct 19 '18 at 00:50
  • What did you find on their page source? is the script to redirect present on the page? – Ibu Oct 19 '18 at 06:30