homepage Welcome to WebmasterWorld Guest from 54.237.99.131
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Need help solving this mystery!
how to block my content from being iframed
Kaks



 
Msg#: 4671559 posted 3:58 am on May 16, 2014 (gmt 0)

Hello everyone,

Yesterday one site of mine received almost 2k visitors from other site. I found this very odd and went to check the site and found the homepage of site.com has a very sly "500 internal server error". Went for site.com/hvvrk/ inner page that was sending traffic to my site and now things get very odd, here I m redirected to my site homepage but its like I m on an iframe and any page i click within it the url always stays the same from the reffering site site.com/hvvrk/ instead of showing my pages urls. Imagine beeing here in webmasterworld.com browsing pages but in your toolbar there was a sticky url from that referring site that doesnt change like you were in an iframe.

The 2k traffic sent till now seems genuine thought, visitors make likes and spend time on site and its all traffic from the country my site is.

Either way, this seems like a blackhat strategy to harm my site in any way, I tried to block the traffic in .htaccess but without any luck.

Anyone familiar with this? how can I block my site from beeing within their site and them sending me traffic?

Thx in advance

 

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4671559 posted 6:31 am on May 16, 2014 (gmt 0)

I tried to block the traffic in .htaccess but without any luck.

What, exactly, did you try? You have to find a pattern in visits and make your rules based on that pattern.

:: detour to refresh memory ::

Does the offending page show up as the referer? If yes, it should be a simple matter to block visits. If no, Option B is a framebuster script of some kind. But your reference to "sending traffic" does make it sound like the default iframe behavior, where badsite.ua or badsite.biz or whatever it is appears in logs as the referer.

:: further study of logs, noting with exasperation that the msnbot has now learned the name of my general 404 page along with the 410 page ::

Are you using a RewriteRule? You need a RewriteCond looking at the referer. You could also do it with a SetEnvIf directive combined with a "Deny from..." Try to constrain it to requests for pages, so the server doesn't get slowed down too much. And re-check periodically; this isn't the kind of rule you need to keep in place forever.

Kaks



 
Msg#: 4671559 posted 2:35 pm on May 16, 2014 (gmt 0)

Thx mate, already solved this problem! Couldn't block it with .htaccess I think because the page was iframing my site within their site (was embebed) so had to use javascript to prevent my page from beeing load in any iframes or if I wanted block only that particular page.

To block any page:

<script type="text/javascript">
if(top.location != window.location) {
window.location = "http://www.youtube.com";
}
</script>


To block ofending page only:

<script type="text/javascript">
if(document.referrer.indexOf("offendingdomain.com") != -1) {
window.location = "http://www.youtube.com";
}
</script>


Now if any page loads mine in an iframe they will be redirected to youtube, you could also link any video from youtube or any other page.

Thx

kenroar

5+ Year Member



 
Msg#: 4671559 posted 5:24 am on May 19, 2014 (gmt 0)

Don't forget to use Google's disallow tool so you won't get hit by any algorithm or penalty: https://support.google.com/webmasters/answer/2648487?hl=en

tangor

WebmasterWorld Senior Member tangor us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4671559 posted 5:55 am on May 19, 2014 (gmt 0)

Also don't depend on JS framebusters.... there's a significant number of folks surfing the web with JS OFF. Take another look at .htaccess...

Kaks



 
Msg#: 4671559 posted 4:07 am on May 20, 2014 (gmt 0)

This is actualy very strange, traffic keeps coming, almost 3k visits per day. With that JS people coming from the ofending page will now load a web 2.0 I created with an offer and already made some sales. This is odd as traffic is genuine and i don't know what they were trying to acomplish by sending this ammount of traffic to other page. If they wanted to kill my adsense account I guess clickbombing would be more effective, is this to try to affect my rankings?

Also ofending page is not indexed and analytics don't show any visitor coming from them anymore, but my web 2.0 keeps getting the views.

Tangor what do you mean by take another look at .htaccess?

Thx

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4671559 posted 6:41 am on May 20, 2014 (gmt 0)

You need to have more than one arrow in your quiver. One arrow is the js framebuster. Another is an absolute lockout based on referer; if it isn't your own server, that means htaccess. (Or equivalent in That Other Server, but your first post did say specifically htaccess.)

What exactly did you try in htaccess? You never did say.

Kaks



 
Msg#: 4671559 posted 12:42 pm on May 20, 2014 (gmt 0)

Hi Lucy24,

This was what I wrote in .htaccess:

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC]
RewriteRule .* - [F]

This was before the JS "arrow" hehe and missed the target. They were still sending the traffic to my site.

Ty

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4671559 posted 6:51 pm on May 20, 2014 (gmt 0)

# Options +FollowSymlinks
Did you comment this out because it's already present? A host that permits htaccess will have a FollowSymLinks line in the config file, because otherwise they would be inundated with pointless support requests.

They were still sending the traffic to my site.

Do you mean that the rule didn't execute, or that people were still arriving by other means? Did you ever explain how you know that the requests are arriving? Raw logs, analytics, something else?

Kaks



 
Msg#: 4671559 posted 7:43 pm on May 20, 2014 (gmt 0)

Hi Lucy24 thx for replying.

I m not anywhere near an expert on this, I just followed what somebody told me in other forum and copy past the rule, but that would be correct, pasting that in .htaccess didn't cause any effect or rule might have not been executed as I kept seeing visitors in google analytics coming from ofending page.

When I pasted the JS in my header Google analytics stoped showing any visitors coming from the ofending site but the page I inserted in the JS when they load my page in an iframe is still receiving traffic that is referred from my site.

Kaks



 
Msg#: 4671559 posted 8:53 pm on May 20, 2014 (gmt 0)

Well, ofending site stoped to iframe my site, now same inner page of offending site is iframing other site and judging by the number of facebook likes it's not a very popular site and must have low traffic.

This was very intriguing to me, would love to know why someone is iframing others peolpe websites and send them legit traffic. Wonder where the traffic they are sending comes from to, as visits he was sending were all from same country my site is.

londrum

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4671559 posted 10:04 pm on May 20, 2014 (gmt 0)

Just to wind it back a bit... The URL wont change if the outer frame doesn't change. But if you've got firefox then you can right-click on the inside frame and select something like "show this frame only" or "open frame in new window" (i cant remember the exact words). Then you should see your own URL again. View the source code of that inside frame, if all the links are still pointing to your site like normal, and haven't been rewritten in any way, then you've got nothing to worry about. All he is doing is sending you some free traffic that you probably wouldn't otherwise have.

Although it is still very annoying, of course. I would definitely still want to break out of his frame

Didn't stumbleupon used to do something like this? They used to have a bar at the top of every page with their tools on it. Of course that has all been replaced by proper browser toolbars these days, but i remember it used to be quite common

Kaks



 
Msg#: 4671559 posted 10:57 pm on May 20, 2014 (gmt 0)

Yep, did what you sugested, url is normal, links are normal, traffic was genuine, visitors surfed my site to and even made couple sales. He has now another iframed site don't have to bother with the iframe anymore was just curious why he is sending "free traffic" to random sites? Never saw anyone sending 3k visits/day just because they are beeing friendly hehe.

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4671559 posted 11:05 pm on May 20, 2014 (gmt 0)

All he is doing is sending you some free traffic

Well, yeah, except that his only possible motive is to make his own site look good, right?

Kaks sent me the the name of the offending page; it's now got a different victim. Note this from the initial post:
the homepage of site.com has a very sly "500 internal server error"

This can only be intentional. If you go to the front page in the normal way, you get what looks like a legitimate 500 page (cut-and-paste, so it's all the same size):
Oops! An Error Occurred
The server returned a "500 Internal Server Error".
Something is broken. Please e-mail us at [email] and let us know what you were doing when this error occurred. We will fix it as soon as possible. Sorry for any inconvenience caused.

That [email] is not obfuscation on my part; it's the literal text of the page.

But wait! If you use a browser that allows UA spoofing and feed it the googlebot's UA string, you instead get a perfectly blank page. (Nothing at all in the source.) Same thing if you go via a UA-spoofing site.

And if, like me, you pursue the next hunch and ask for
example.biz/index.php
you first get redirected to
example.biz/index.php/
and then you get what looks like a genuine error:
Fatal error: Call to a member function getDirectory() on a non-object in /var/www/APL/src/APM/MainBundle/Controller/DefaultController.php on line 104

The offending domain lives at-- surprise, surprise-- AWS. Some further snooping reveals that three www sites share an IP (54.200.etcetera), and their names suggest they're all related except one's in Portuguese (the subject of this thread) while the other two are English and German respectively. And yup, they all appear to have the same whois information.

A final tidbit again gleaned from free lookup: The current victim site lists one recent RSS feed-- and by amazing coincidence it's the same page that is now being iframed.

A site: search in google naming the offending site comes up cold. So how did people find the site in the first place?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved