MyBB

Jabberwock · 2014-07-13, 11:48 AM

It has come to my attention that there is an impostor website linking to my website through a frame tag.

For example, blabla.XXX which is the imposter site will link to my legitimate blabla.YYY site.
And a GET data is extended with ?referrer=NUM.
Now I obviously undertand that they want to get many referrals, because I provide rewards for referrers.
BUT they also have a javascript with Google Analytics? It seems...

Question is, will they be able to obtain the cookies from the child frame?

StefanT · 2014-07-13, 12:44 PM

(2014-07-13, 11:48 AM)Jabberwock Wrote: Question is, will they be able to obtain the cookies from the child frame?

No.

You can prevent your website from being embedded in a frame: https://en.wikipedia.org/wiki/Clickjacking#Prevention

VoIP · 2014-07-13, 02:45 PM

(2014-07-13, 12:44 PM)StefanT Wrote:
(2014-07-13, 11:48 AM)Jabberwock Wrote: Question is, will they be able to obtain the cookies from the child frame?
No.

You can prevent your website from being embedded in a frame: https://en.wikipedia.org/wiki/Clickjacking#Prevention

As Stefan said their are couple of ways to block it.

One of them being Noscript(Client Side) and the other being Noframe(server side)

Goodluck Op.

Jabberwock · 2014-07-14, 12:37 PM

I took the server side route, it's working great.

Dannymh · 2014-07-14, 12:49 PM

Jabberwock,

how did you identify that someone was doing this?

VoIP · 2014-07-14, 02:06 PM

(2014-07-14, 12:49 PM)Dannymh Wrote: Jabberwock,

how did you identify that someone was doing this?

I think he's saying a parameter was holding it.

?refer=script here.

Login
Username:
Password:	Lost Password?
	Remember me