How do I block my ISP from framing websites? [duplicate]

I've noticed recently, as of today, that all the websites I visit (except for a specific few sites such as Google) are all put into a frame. I'm not sure what the reason for this is, there are no ads displayed and everything appears normal. The only reason I found out is because the headers weren't loading correctly and none of the page titles showed up properly - I quickly checked the source code and saw that instead of the source of the page I was expecting to see, there was a single line with a frame.

I first thought maybe somekind of trojan, but after going through various checks I've determined it's my ISP and/or somekind of Internet Registry (I traced the IP shown in the source code)

What can be done to prevent this frame, short of using a VPN? I feel like I am being spied on.

PS: I'm located in South Korea.

The source code looks like this: [copied from OP's comment to avoid the auto-formatting – grawity]

<html><frameset rows='0,*' border='0'><frame src='http://210.91.57.226/notice.aspx?p=P&s=1495361&h=sitename.com&us=5,841,6&cs=10489585&rt=Y'><frame src='http://sitename.com/?'></frameset></html>

The first frame is pulling from http://ip.address/notice.aspx?p=P&s=1495361&h=sitename.com&us=5,841,6&cs=10489585&rt=Y which makes me think that the ISP, or whomever, is monitoring your traffic to provide some sort of "warning, you are about to commit crimes against the state" "...are about to go over bandwidth allocation" "...we are watching you" (or whatever). It is also possible some malware on your computer is rewriting your traffic locally.

Paranoia aside, here are a few things you can try:

  • Check your computer for malware. Download a live linux distro and boot off of an entirely untainted operating system and browser. If you no longer see the frames, the problem is in some malicious software on your operating system or browser extension.
  • As Richie suggested on the comment on your post, try hardcoding an alternate series of DNS servers in your network config. A quick google turned up this list of public DNS servers organized by country or you can just try 4.4.2.2 (AT&T, I think) or 8.8.8.8 (Google). If you succeed here, you can probably set your alternate DNS servers on your Router or Modem to give every computer on your LAN a nice dose of clean traffic. If using an alternate DNS doesn't actually help the problem, then something more even malicious is probably going on.
  • A VPN account isn't entirely necessary, as long as you have SSH access to a server with reasonable bandwidth allocation, a properly configured SSH tunnel should do the trick. While using an alternate DNS as above, start up a tunnel with something like this: ssh [email protected] -D8080. If you're on Windows, Putty is easily configured to do the same thing. I use a browser extension called Falcon Proxy to easily toggle the browser from sending requests through a local SOCKS proxy or direct traffic. With the previous SSH command, instruct Falcon Proxy to direct traffic to a SOCKS proxy at localhost:8080. To test this you could spin up an instance on Amazon cloud or Linode. If you find that this is the route you need to go to avoid getting your traffic edited real time, a VPN is probably the better solution as it is less likely to require reconfiguring every application manually.

Given that the whois for this IP 210.91.57.226 indicates that it belongs to Korea Telecom and the pagename is notice.aspx, I am inclined to believe this is some ISP injection to give you some type of alert regarding usage, service disruption, or billing information.

This is a aggravating practice, and yet some ISPs engage in it because in many countries it is not strictly illegal. They may have recently amended their terms of service, and I would advise you look there.

To avoid having your ISP perform any type of injection HTTPS for as many sites as possible (some sites still do not have SSL as the default...) or use a VPN.