I run a website which shows a related articles widget that people can add on their websites.
Currently what my system does when a link is clicked in that widget it redirects to a link on my website and then redirects it back to related article that was clicked on. This process is to record the statistics for clicks.
Lately what some people have been doing is copy my link and then reload that in an iframe, which is causing unnecessary load on my system.
What I was thinking is that to trick the tricksters, I would create a link where the user comes in on my website, then I would internally from my website redirect the user to another link on my website where there is an iframe breaking script (I need an example of how to implement this) and a redirect to the related article. This means all the people trying to DDOS my site will have to come up with something new. What code would you suggest to prevent people from loading my widget in an iframe? What code would you suggest to prevent hardcore DDOS?
Another issue I had was that related articles don't always receive my url as the referrer, which means that the user can exactly track the traffic from the widget. How can I solve this problem as well?
> redirect the user to another link on my website where there is an iframe breaking script (I need an example of how to implement this)
This is called "frame busting" or "frame killing", and it's usually as simple as determining if you're the "top"-most window in the current frameset:
<script type="text/javascript">
if(top != self) top.location.replace(location);
</script>
As documented on the linked Wikipedia page, there are possible countermeasures.
> Another issue I had was that related articles don't always receive my url as the referrer
Many browsers make it possible to simply turn off sending referrers. You won't be able to do anything about that. If you want to ensure that the remote site knows that your site sent it the traffic, consider a specific query string parameter as part of the redirect.
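Added example, not part of the original answer: a sketch of the intermediate click page that pairs the frame-busting script with the `Content-Security-Policy: frame-ancestors` and `X-Frame-Options` response headers, which the browser enforces without relying on script, and that tags the destination with a query string parameter as suggested above. The article table, the `source` parameter name, the `widget.example` value and the function names are assumptions made for illustration.

```javascript
// Constructed sample data: article ids mapped to publisher URLs (hypothetical).
const ARTICLES = new Map([
  ["a1", "https://publisher.example/posts/intro?page=2"],
  ["a2", "https://news.example/story"],
]);

// Hypothetical parameter name and value that identify the widget to the target site.
const SOURCE_PARAM = "source";
const SOURCE_VALUE = "widget.example";

// Resolve an id to its destination and tag it, so attribution does not depend on Referer.
// Only ids from the table are accepted; a caller-supplied URL is never redirected to.
function buildTargetUrl(articleId) {
  const base = ARTICLES.get(articleId);
  if (base === undefined) return null;
  const url = new URL(base);
  url.searchParams.set(SOURCE_PARAM, SOURCE_VALUE);
  return url.toString();
}

// Build the intermediate page: headers that forbid framing, plus the script fallback.
function buildClickResponse(articleId) {
  const target = buildTargetUrl(articleId);
  if (target === null) {
    return { status: 404, headers: { "Content-Type": "text/plain" }, body: "Unknown article" };
  }
  // JSON.stringify quotes the URL; escaping "<" keeps it from closing the script element.
  const literal = JSON.stringify(target).replace(/</g, "\\u003c");
  const body =
    "<!doctype html><script>" +
    "if (top !== self) { top.location.replace(location.href); }" +
    " else { location.replace(" + literal + "); }" +
    "</script>";
  return {
    status: 200,
    headers: {
      "Content-Type": "text/html; charset=utf-8",
      "Content-Security-Policy": "frame-ancestors 'none'",
      "X-Frame-Options": "DENY",
      "Cache-Control": "no-store",
    },
    body,
  };
}
```

The headers go on the page that is actually rendered (the 200 response), since that is the document the browser checks before displaying it in a frame.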