Welcome to WebmasterWorld [webmasterworld.com], danthwhaler.

I'm guessing that the trojans, etc. are displayed around your website which is placed in the iframe.

The first move is to use a frame-breaker Javascript which will get your site out of the iframe. Add this in between the

<head>

and

</head>

of your site pages:

<script type="text/javascript">
if (parent.frames.length > 0) {
parent.location.href = self.document.location
}
</script>

If your site is itself using frames, place the Javascript in the frameset page.

That will mean that anyone finding the iframed page is going to get your site only displayed, not the other site around it.

what are the down sides to using a frame breaker especially if you don't know if the site is being framed?

Also, if java script is turned off it wouldn't work, right?

is this just generally a good idea as a preventative measure?

Also, if java script is turned off it wouldn't work, right?

You're right in saying it wouldn't work, but as the scumware downloads depend on Javascript/ActiveX as well, if JS is switched off so is the possibility of being hit.

I use a script like that on every single page I have online. As you said, it's a quick preventative measure.

encyclo, that's a great tip. Should be put in the library somewhere for all to see.

cEM

Many thanks for the very quick reply and great advice. I didn't get to see if it worked or not as the host took the site down before I got a chance to use it.

The code is in the header of my site now and so will hopefully sit there dissuading any similar such attempts.

I have the following in a .js file which is called from all pages,

if( window!= window.top ) { top.location.href = location.href; }

Someone from here told me about it, will it work the same as your script?

twist, I don't know if there is much of a difference, so I have started a thread in the Javascript forum here [webmasterworld.com] to ask for the best script to use.