protecting site form frameset loading on another uri

Re: protecting site form frameset loading on another uri

Fotozine wrote:
[color=blue]
> well, after several months of learning, writing and developing my site,
> (and colecting hunderts of users in few days) one person have "included"
> my whole site under his domain. in frameset:
>
> <frame src="http://fotozine.org/....
>
> what can I do to stop such things? not just for this particular person
> and his site, but in genaral?
>
> (sorry on my clumsy english)
> Janko
>[/color]

Hi,

With PHP?
Not a lot.

You could however make life more difficult for people that include your
page, with javascript.

No guarantuees, but simple tricks like the following forces the other person
to parse you page and remove the javascript:

<script type="text/javascript">
if (parent.frames) {
// we have a frameset
alert("This information was stolen by:....");
location = "www.disneyworl d.com";
}
</script>

Regards,
Erwin Moller

Re: protecting site form frameset loading on another uri

Erwin Moller
<since_humans_r ead_this_I_am_s pammed_too_much @spamyourself.c om> wrote:
[color=blue]
> <script type="text/javascript">
> if (parent.frames) {
> // we have a frameset
> alert("This information was stolen by:....");
> location = "www.disneyworl d.com";
> }
> </script>
>[/color]

tnx, I will try. can such information be taken from/width $_SERVER
variable?

--
fotozine.org
"zicani okidac"
--

Re: protecting site form frameset loading on another uri

Fotozine wrote:
[color=blue]
> Erwin Moller
> <since_humans_r ead_this_I_am_s pammed_too_much @spamyourself.c om> wrote:
>[color=green]
>> <script type="text/javascript">
>> if (parent.frames) {
>> // we have a frameset
>> alert("This information was stolen by:....");
>> location = "www.disneyworl d.com";
>> }
>> </script>
>>[/color]
>
> tnx, I will try. can such information be taken from/width $_SERVER
> variable?[/color]

Don't think so.

Re: protecting site form frameset loading on another uri

Erwin Moller wrote:[color=blue]
> Fotozine wrote:
>
>[color=green]
>>Erwin Moller
>><since_humans _read_this_I_am _spammed_too_mu ch@spamyourself .com> wrote:
>>
>>[color=darkred]
>>><script type="text/javascript">
>>> if (parent.frames) {
>>> // we have a frameset
>>> alert("This information was stolen by:....");
>>> location = "www.disneyworl d.com";
>>> }
>>></script>
>>>[/color]
>>tnx, I will try. can such information be taken from/width $_SERVER
>>variable?[/color]
>
>
> Don't think so.[/color]
One could be a little more evil and use httpd.conf to deny access from
the IP that is stealing the material.

Re: protecting site form frameset loading on another uri

Erwin Moller wrote:
[color=blue]
> No guarantuees, but simple tricks like the following forces the other person
> to parse you page and remove the javascript:
>
> <script type="text/javascript">
> if (parent.frames) {
> // we have a frameset
> alert("This information was stolen by:....");
> location = "www.disneyworl d.com";
> }
> </script>[/color]

that won't work.

parent.frames evaluates to an object in some browsers even when there are no
frames.

--
phil [dot] ronan @ virgin [dot] net

Re: protecting site form frameset loading on another uri

Fotozine wrote:
[color=blue]
> well, after several months of learning, writing and developing my site,
> (and colecting hunderts of users in few days) one person have "included"
> my whole site under his domain. in frameset:
>
> <frame src="http://fotozine.org/....
>
> what can I do to stop such things? not just for this particular person
> and his site, but in genaral?[/color]

I think the best answer is to make sure that your web pages are clearly
marked with your domain name (e.g., as part of a logo).

If you like, you can use javascript to break out of framesets like this:

<SCRIPT type="text/javascript">
if (location.href != top.location.hr ef) top.location.hr ef = location.href;
</SCRIPT>

But that could cause problems (e.g. with Google image search)

--
phil [dot] ronan @ virgin [dot] net

Re: protecting site form frameset loading on another uri

NSpam wrote:
[color=blue]
> One could be a little more evil and use httpd.conf to deny access from
> the IP that is stealing the material.[/color]

The remote IP address will be that of the visitor, not the site that
provided the frameset.

--
phil [dot] ronan @ virgin [dot] net

Re: protecting site form frameset loading on another uri

Philip Ronan wrote:
[color=blue]
> Erwin Moller wrote:
>[color=green]
>> No guarantuees, but simple tricks like the following forces the other
>> person to parse you page and remove the javascript:
>>
>> <script type="text/javascript">
>> if (parent.frames) {
>> // we have a frameset
>> alert("This information was stolen by:....");
>> location = "www.disneyworl d.com";
>> }
>> </script>[/color]
>
> that won't work.
>
> parent.frames evaluates to an object in some browsers even when there are
> no frames.[/color]

Oh? Didn't encouter one untill now.
But thanks for the warning.
In that case a count of the frames in the parent (if exists) makes more
sense.

Regards,
Erwin Moller

Re: protecting site form frameset loading on another uri

Carved in mystic runes upon the very living rock, the last words of
Fotozine of comp.lang.php make plain:
[color=blue]
> well, after several months of learning, writing and developing my
> site, (and colecting hunderts of users in few days) one person have
> "included" my whole site under his domain. in frameset:
>
> <frame src="http://fotozine.org/....
>
> what can I do to stop such things? not just for this particular person
> and his site, but in genaral?[/color]

There are a number of Javascript frame buster solutions. Here's one:

<SCRIPT TYPE="text/javascript">
if (top.location != self.location)
top.location = self.location;
</SCRIPT>

In your PHP script you can also check $HTTP_REFERER. If the page is in a
frame, the referer will be the URL of the frameset. However, not all
browsers pass the referer.

Personally I'd use a combination: if my page is in the thief's frame,
say something nasty, then output some JS code that will wait a few
seconds and then bust out of the frame.

--
Alan Little
Phorm PHP Form Processor

Re: protecting site form frameset loading on another uri

Alan Little wrote:
[color=blue]
> Personally I'd use a combination: if my page is in the thief's frame,
> say something nasty, then output some JS code that will wait a few
> seconds and then bust out of the frame.[/color]

I don't think you'd do yourself any favours by sending rude messages to your
visitors. For example, click on the image thumbnail in this web page:
<http://images.google.c o.uk/images?hl=en&lr =&ie=ISO-8859-1&q=v30title>

Traffic to your website is generally something you should encourage,
regardless of how it gets there. If someone is trying to pass your content
off as their own, then talk to their ISP about it. Don't go insulting
everyone else.

--
phil [dot] ronan @ virgin [dot] net

Re: protecting site form frameset loading on another uri

"Philip Ronan" <invalid@invali d.invalid> wrote in message
news:BE4E1C16.2 C886%invalid@in valid.invalid.. .[color=blue]
> Erwin Moller wrote:
>[color=green]
>> No guarantuees, but simple tricks like the following forces the other
>> person
>> to parse you page and remove the javascript:
>>
>> <script type="text/javascript">
>> if (parent.frames) {
>> // we have a frameset
>> alert("This information was stolen by:....");
>> location = "www.disneyworl d.com";
>> }
>> </script>[/color]
>
> that won't work.
>
> parent.frames evaluates to an object in some browsers even when there are
> no
> frames.[/color]

if (top.location != self.location)
should do it
--
Ant

Re: protecting site form frameset loading on another uri

Philip Ronan wrote:
[color=blue]
> If someone is trying to pass your content off as their own,
> then talk to their ISP about it.[/color]

I'd e-mail the wrongdoer first, to explain why you're
unhappy with his framing your text and to ask if he'd kindly
put a stop to it. If he carries on, then I'd take it up
with his ISP.

Have a good weekend, Philip!

--
Jock

Re: protecting site form frameset loading on another uri

"Philip Ronan" <invalid@invali d.invalid> wrote in message
news:BE4E32BA.2 C8A3%invalid@in valid.invalid.. .[color=blue]
> Alan Little wrote:
>[color=green]
> > Personally I'd use a combination: if my page is in the thief's frame,
> > say something nasty, then output some JS code that will wait a few
> > seconds and then bust out of the frame.[/color]
>
> I don't think you'd do yourself any favours by sending rude messages to[/color]
your[color=blue]
> visitors. For example, click on the image thumbnail in this web page:
> <http://images.google.c o.uk/images?hl=en&lr =&ie=ISO-8859-1&q=v30title>[/color]

If you're going to do something nasty, you would naturally not reveal the
fact that the visitors are looking your site and not his.

I say, ask the guy nicely to stop framing your site. If he ignore you, start
redirecting *his* visitors to spyware traps. That oughta learn him a lesson.