Prevent iframe stealing
HTTP access can be blocked to some extend by using an HTTP Referer filter. Access "by host server" can also be monitored through looking at the Referer in the HTTP logs. It's not a perfect solution, but for standard browser access will get you most of the way there. ("No Hot-Linking" setups sometimes work like this.)
For legal action, seek the advice of a lawyer :-) However, my first inclination would be to ask the other site owners to stop. They may just be nice.
With JavaScript you can do
if(window.top==window){
//not inside iframe
} else {
if(parent.parent.someFunction){
parent.parent.someFunction();
} else {
alert("framing is not allowed")
}
}
OR
if (window.top !== window.self) window.top.location.replace(window.self.location.href);
Some modern browsers also support the X-FRAME-OPTIONS header, that can have two values:
* DENY – prevents the page from being rendered if it is contained in a frame
* SAMEORIGIN – same as above, unless the page belongs to the same domain as the top-level frameset holder.
Browsers that support the header:
* IE8 and IE9
* Opera 10.50
* Safari 4
* Chrome 4.1.249.1042
* Firefox with NoScript
Use the same method that I suggested here: How to limit display of iframe from an external site to specific domains only
In a nut shell, you add a PHP script in every page (in your case it will probably be just one, assuming it is a template), this script limits the viewing to one (or more) reffering domains.
This method is better than a javascript method because the users might have it disabled.
If you can find out who it is you can tell them they can't use your content in that way. If you own website you can dictate how it can be used.
Have a look at framkillers : http://en.wikipedia.org/wiki/Framekiller
This is a technique to stop sites from being shown in iframes. Keep in mind that even framekillers can be killed.