Prevent iframe stealing

Posted 2020-01-31 03:19

Question:

I think someone is stealing my content using an iframe. My website is a forum and a user has just reported them to me.

How can I find their website programmatically (PHP, JavaScript, jQuery, HTML) if there are others doing this?

Is this allowed on the internet for them to do this and can I take action?

Answer 1:

With JavaScript you can do

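if (window.top == window) {
    // Not inside an iframe
} else {
    // Framed: call a handler on the framing page if it exposes one
    // (reading parent properties throws if the framing page is cross-origin)
    if (parent.parent.someFunction) {
        parent.parent.someFunction();
    } else {
        alert("framing is not allowed");
    }
}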

OR

if (window.top !== window.self) window.top.location.replace(window.self.location.href);

Some modern browsers also support the X-FRAME-OPTIONS header, which can have two values:

* DENY – prevents the page from being rendered if it is contained in a frame
* SAMEORIGIN – same as above, unless the page belongs to the same domain as the top-level frameset holder.

Browsers that support the header:

* IE8 and IE9
* Opera 10.50
* Safari 4
* Chrome 4.1.249.1042
* Firefox with NoScript


Answer 2:

If you can find out who it is you can tell them they can't use your content in that way. If you own the website you can dictate how it can be used.

Have a look at framekillers: http://en.wikipedia.org/wiki/Framekiller

This is a technique to stop sites from being shown in iframes. Keep in mind that even framekillers can be killed.



Answer 3:

Use the same method that I suggested here: How to limit display of iframe from an external site to specific domains only

In a nutshell, you add a PHP script in every page (in your case it will probably be just one, assuming it is a template); this script limits the viewing to one (or more) referring domains.

This method is better than a JavaScript method because the users might have it disabled.



Answer 4:

HTTP access can be blocked to some extent by using an HTTP Referer filter. Access "by host server" can also be monitored through looking at the Referer in the HTTP logs. It's not a perfect solution, but for standard browser access will get you most of the way there. ("No Hot-Linking" setups sometimes work like this.)

For legal action, seek the advice of a lawyer :-) However, my first inclination would be to ask the other site owners to stop. They may just be nice.
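
The log monitoring described in this answer, as an added example that is not part of the original answer: it counts the external hosts that appear as Referer on page requests in a combined-format access log. The host names, log lines and function name are constructed for illustration; a foreign Referer is only a lead to check by hand, since ordinary inbound links produce one too and the header can be absent or forged.

```javascript
// Added example: list foreign Referer hosts seen on page requests.
// Assumption: these are the site's own host names.
const OWN_HOSTS = new Set(["myforum.example", "www.myforum.example"]);

// Constructed sample lines in combined log format, not real traffic.
const SAMPLE_LOG = `
203.0.113.7 - - [31/Jan/2020:03:10:01 +0000] "GET /thread/42 HTTP/1.1" 200 5120 "https://framer.example/mirror.html" "Mozilla/5.0"
203.0.113.9 - - [31/Jan/2020:03:10:05 +0000] "GET /thread/43 HTTP/1.1" 200 4980 "https://framer.example/mirror.html" "Mozilla/5.0"
198.51.100.4 - - [31/Jan/2020:03:11:12 +0000] "GET /thread/42 HTTP/1.1" 200 5120 "https://www.myforum.example/" "Mozilla/5.0"
198.51.100.8 - - [31/Jan/2020:03:12:40 +0000] "GET /thread/7 HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
192.0.2.15 - - [31/Jan/2020:03:13:02 +0000] "GET /thread/42 HTTP/1.1" 200 5120 "http://other.example/links" "Mozilla/5.0"
192.0.2.16 - - [31/Jan/2020:03:13:09 +0000] "GET /logo.png?v=2 HTTP/1.1" 200 900 "https://framer.example/mirror.html" "Mozilla/5.0"
`;

// Captures: request path, status code, Referer value.
const LINE_RE = /"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"/;
const STATIC_RE = /\.(png|jpe?g|gif|css|js|ico)$/i;

function foreignReferers(logText, ownHosts = OWN_HOSTS) {
  const counts = new Map();
  for (const line of logText.split("\n")) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // blank or unparseable line
    const [, path, status, referer] = m;
    // Only successful page loads; static assets are the hot-linking case.
    if (status !== "200" || STATIC_RE.test(path.split("?")[0])) continue;
    let host;
    try {
      host = new URL(referer).hostname.toLowerCase();
    } catch {
      continue; // "-" (no Referer sent) or a malformed value
    }
    if (ownHosts.has(host)) continue; // normal in-site navigation
    counts.set(host, (counts.get(host) || 0) + 1);
  }
  // Most frequent referring host first.
  return [...counts.entries()].sort((a, b) => b[1] - a[1]);
}

console.log(foreignReferers(SAMPLE_LOG));
```

Hosts that keep sending visitors to many different threads from one referring page are the ones worth opening in a browser to see whether they embed the forum in a frame.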



Answer 5:

You can use this JS code at the top of your website (header page):

if (window.top !== window.self) window.top.location.replace(window.self.location.href);


Answer 6:

You can prevent other websites from framing your data using a Content Security Policy header, e.g. frame-ancestors 'none'; which will block every website from embedding your content in an iframe on their site: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors