homepage Welcome to WebmasterWorld Guest from 54.167.174.90
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Google / Google AdWords
Forum Library, Charter, Moderators: buckworks & eWhisper & skibum

Google AdWords Forum

This 60 message thread spans 2 pages: 60 ( [1] 2 > >     
Got our first major bout of click fraud
Cloaking via adsense
bakedjake

WebmasterWorld Administrator bakedjake us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4300 posted 6:00 pm on Jan 13, 2005 (gmt 0)

Walked in this morning, had 6000 clicks before 12:30 eastern on a term that receieved 61 clicks yesterday.

I wanted to run down with everyone the steps we took to identify it, in case some people are curious as to how you catch it.

Steps for investigation that we took:

1. Observed a much higher than normal traffic volume (we're talking orders of magnitude higher)

2. Looked at my AdWords account, figured out these clicks were content and not search clicks.

3. Traced it to a specific keyword via our tracking system, then dumped all session information originating from that word and the AdWords source (we use a SQL based landing page system, so it's an easy 5 second query)

4. Compared offending IPs with known open proxies. No match, and the most clicks by a single IP was 7. So there was really no patterns within the IPs that were clicking.

5. Sorted by referrer in Excel, noticed that most clicks were originating from three main AdSense pages

6. Noticed that those AdSense pages had nothing on them but ads for this particular word. I assume they're getting the ads targetted to what they want via mediabot cloaking.

7. Phoned Google, talked to a helpful girl named Kate, who agreed that the clicks looked odd. She offered to pass the offending sites onto the AdSense team, and sent me a form to fill out for information.

Time to resolution: Approximately 15 minutes

The moral of this story is that you need to be measuring everything having to do with your AdWords account, especially considering Google does not break out content clicks within your account. It is quite easy to detect simple clickfraud on a large advertising campaign by tracking and observation. You don't need expensive products.

 

Nikke

10+ Year Member



 
Msg#: 4300 posted 6:27 pm on Jan 13, 2005 (gmt 0)

Wow! Well done.

Hopefully three Made for AdSense scaper sites and one bad publisher gone.

diamondgrl

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4300 posted 7:51 pm on Jan 13, 2005 (gmt 0)

Congratulations! The referer spreadsheet advice is terrific.

gmac17

10+ Year Member



 
Msg#: 4300 posted 8:13 pm on Jan 13, 2005 (gmt 0)

good story. That was an obvious case, what if the same people had been smarter about it and done 25 clicks per day for the next year. that's what scares me.

How did you sort the referrer? Could you find the exact site the adsense was running on?

beren

10+ Year Member



 
Msg#: 4300 posted 12:33 pm on Jan 14, 2005 (gmt 0)

7. Phoned Google, talked to a helpful girl named Kate, who agreed that the clicks looked odd. She offered to pass the offending sites onto the AdSense team, and sent me a form to fill out for information.

Time to resolution: Approximately 15 minutes

Is this really resolution, though? Let us know if they actually refund your account and kick out the offending site. That would be resolution.

Yes, Google is always helpful and agreeable on the phone. That doesn't always translate into action in my experience. At least they sent you a form.

sdani

10+ Year Member



 
Msg#: 4300 posted 12:41 pm on Jan 14, 2005 (gmt 0)

They sent you a form? I guess this is just to make refunds a complex process. My telephone company or credit card company never sent me any forms for refunds.

whoisgregg

WebmasterWorld Senior Member whoisgregg us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4300 posted 1:13 pm on Jan 14, 2005 (gmt 0)

So you had somewhere between 850 and what, around 3000 unique IPs used for the fraud? Was there geographical similarities with the clicks? U.S. or abroad?

Thanks for the story and the tips, Jake.

outland88

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4300 posted 5:18 pm on Jan 14, 2005 (gmt 0)

>especially considering Google does not break out content clicks within your account

Why can't Google do this. It seems the legitimacy of the the program could be greatly enhanced if clients could have a greater role in stopping click fraud. I would think people would increase bids if they had this type monitoring. Seems they don't want you to have the information readily available.

bears5122

10+ Year Member



 
Msg#: 4300 posted 5:24 pm on Jan 14, 2005 (gmt 0)

I think the most disturbing thing about this case is that Google didn't catch this on their own. Typically a jump from an average of 65 clicks to 3000 clicks would throw some flags up. I would imagine that this isn't the only advertiser being effected.

Google has no problem putting my keywords on hold, or pausing my account for review. I don't see why the same precautions can't be used for Adsense.

As someone mentioned, what would happen if this site had only done 25 clicks/day? Most advertisers wouldn't blink at this. It's unfortunate that we can't trust Adwords fraud meaures.

With all the quality control mechanisms they've been adding to Adwords, it's a shame fraud isn't one of their primary concerns.

sdani

10+ Year Member



 
Msg#: 4300 posted 5:37 pm on Jan 14, 2005 (gmt 0)

I received about 317 clicks one day and 271 clicks another day for a gambling related word. All of those came from content network. I know this because when I checked referral, I was taken to a google page which explained that. I was not able to find the actual Adsense site and after spending several minutes on phone, I was not able to get a refund.

I wonder how did you sort the referral URLs to find out the actual Adsense referral.

sdani

bakedjake

WebmasterWorld Administrator bakedjake us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4300 posted 5:45 pm on Jan 14, 2005 (gmt 0)

3000

That number is about right, whoisgregg.

They sent you a form?

Pardon me, I misspoke. They sent me a list of six questions to answer. The questions were all reasonable, and my Excel spreadsheet answered 5 of them right off the bat, so it was a whole 5 minutes to fill out the email and send it back. The six questions were:

1) The keyword(s) associated with invalid clicks.
2) The related Campaign(s) and URL(s) of your ad(s) receiving invalid clicks.
3) Suspicious IP address(es) or Referrer(s) (this information may be found via your web logs).
4) The date(s) and time (s) of each invalid click activity.
5) A sample of the invalid requests from your web logs, or an excerpt of your unaltered logs during which you observed this activity.
6) A paragraph describing the trends in logs and/or reports that led you to believe the click activity is invalid.

If your tracking system is halfway decent, you'll have all of this (excluding question 6) already present before you're calling Google up. For question 6, my response was simply "click volume today is two orders of magnitude higher than normal"

I think the most disturbing thing about this case is that Google didn't catch this on their own.

I'm forced to somewhat agree, but also appreciate the complexities involved with doing something like this. Looking at what was necessary on my end for tracking this, I think it would be hard, if not technically impossible, for Google to do with the thousands of advertisers they have.

That said, the responsibility is on Google. They are providing an advertising service, and if they want to be known for relevant clicks they need to do a better job. The partner hosting the AdSense ad in question had no business hosting the AdSense ad. It was clear as day, so clear that the Kate immediately passed it onto the AdSense team.

And, finally, as I am totally against unnecessary legislation w/r/t business, I think it is in Google's (and in the advertisers!) best interest to do a better job at policing clickfraud, and not subjecting it to legislation and regulatory requirements. If they let the industry be legislated, their cost of doing business will eventually go up. Unfortunately, I'm not quite sure they understand that yet.

My telephone company or credit card company never sent me any forms for refunds.

I would rather talk to Google on the phone for 5 minutes and fill out a form for 10 minutes than try to resolve something with the telephone company any day of the week. I can honestly say that after running an ISP for 5 years, if I never had to talk to another telephone company in my life I would be extremely happy.

I wonder how did you sort the referral URLs to find out the actual Adsense referral.

It comes through as the googlesyndication.com domain. You can see the referring page inside of the querystring passed from that domain.

Yes, Google is always helpful and agreeable on the phone. That doesn't always translate into action in my experience.

It has in every single instance I've ever dealt with them on the phone. I can honestly say I have never had an experience where I've called Google and an issue went unresolved.

As an aside:

It's interesting to think that Google should be so proactive about clickfraud. I agree that I would like them to, but how many other companies do you know in the US that are proactive about auditing accounts and billing information, looking for people who pay too much, and then proactively giving them credits? Not many.

benevolent001

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4300 posted 5:46 pm on Jan 14, 2005 (gmt 0)

Hello BakedJake
Congrats on your success

But it would be great if you could help us too in implementing such click tracking methods,as most of the guys like me are not aware of methods mentioned like you did...atleast i am not aware of those

I am also spending like $500 a month on adwords so i am too concerned about this

Can you please explain in simple language how can i do that, you termed SQL database....excel sheet....tracking how you used those? did you used web logs or what?

And if you can give any custom script made by you for the same , it would be great

What you really did...?

Thanks

growingdigital

10+ Year Member



 
Msg#: 4300 posted 5:47 pm on Jan 14, 2005 (gmt 0)

A good rule of thumb:

If you don't have the mechanisms in place to track click fraud, or your ROI isn't where it needs to be, dump the Content Network.

I advertise exclusively on the Search Network for this reason. Less fraud, more precision, more control, better conversions, etc., etc.

bakedjake

WebmasterWorld Administrator bakedjake us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4300 posted 5:49 pm on Jan 14, 2005 (gmt 0)

dump the Content Network

There's big money to be made if you advertise on the content network. You just need to track it properly.

beren

10+ Year Member



 
Msg#: 4300 posted 5:54 pm on Jan 14, 2005 (gmt 0)

It seems the legitimacy of the program could be greatly enhanced if clients could have a greater role in stopping click fraud. I would think people would increase bids if they had this type monitoring. Seems they don't want you to have the information readily available.

Agreed. Keeping the customer in the dark and saying “don’t worry, be happy” hurts Google. Although letting customers see where their ads are appearing might hurt them more.

what would happen if this site had only done 25 clicks/day? Most advertisers wouldn't blink at this. It's unfortunate that we can't trust Adwords fraud meaures.

Yes, you can’t trust them. And the low click number fraud is the most insidious, especially because Google won’t admit it. Even when the evidence is strong. They want to sweep the 25-click fraud under the rug as if it were noise, even when it makes up a large fraction of total costs, as it does for low impressions/high CPC campaigns.

[edited by: beren at 6:00 pm (utc) on Jan. 14, 2005]

europeforvisitors



 
Msg#: 4300 posted 5:57 pm on Jan 14, 2005 (gmt 0)

I think the most disturbing thing about this case is that Google didn't catch this on their own.

How do you know they didn't or wouldn't have done if the advertiser hadn't phoned them so quickly?

If Google weren't diligent in monitoring for invalid clicks, the AdSense forum wouldn't be littered with "My account has been cancelled..." threads. :-)

davec

10+ Year Member



 
Msg#: 4300 posted 6:01 pm on Jan 14, 2005 (gmt 0)

I think the most disturbing thing about this case is that Google didn't catch this on their own.

To be fair to Google Bakedjake did state that those clicks had happened within a small period of time and he alerted Google before the day was out.

The question is whether Google would have picked this up at the end of the reporting day and reinbursed, if they were not notified?

d

<edit - by the time i clicked submit europeforvisitors had got there before me - damn his quick typing ;)>

outland88

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4300 posted 6:36 pm on Jan 14, 2005 (gmt 0)

>How do you know they didn't or wouldn't have done if the advertiser hadn't phoned them so quickly?

I think most people who are paying for Adwords advertising would have jumped on it as quickly as they could. That's a pretty big gamble waiting to see if Google takes care of it at some latter point in time. That bill might jump considerably and Google might say no refund. That's an automated billing system and you might have to shut down an account until you worked it out with Google and the cc company, adding more hurt to injury.

I take it from the response you're only using Adsense.

contrast compare

10+ Year Member



 
Msg#: 4300 posted 6:48 pm on Jan 14, 2005 (gmt 0)

Jake, the only way you detected this fraud was because the clickfraudster (Im going to trademark that name now and sell t-shirts at defcon) was stupid enough to do 10,000% percent of your normal clickthrough in half a day.

What would you have done if they were smarter, and spread this out over a few months, or even years?

I don't think there is anything you can do, right now....

Also, you said the clicks came from random IPs but not from proxies. Do you think that all of these boxes infected with some sort of clickbot spyware? Id be interested in reversing the program if you have a copy of it.

bakedjake

WebmasterWorld Administrator bakedjake us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4300 posted 6:53 pm on Jan 14, 2005 (gmt 0)

What would you have done if they were smarter, and spread this out over a few months, or even years?

Not post my tracking methods on WebmasterWorld so they know how to defeat them? ;-)

In all seriousness, the majority of the clickfraud we see is stupid clickfraud. My post was intended to inform those not tracking that this kind of "stupid" clickfraud does indeed happen, it can be expensive, and can easily be tracked.

We have more advanced methods for tracking. I was just showing how easy it was to figure out the big, simple stuff.

I don't think there is anything you can do, right now....

Yeah, there's a ton you can do. Statisical probabilities, variances, even basic IP checking against an open proxy list. For example, I could approach it like this: I know Country X has x amount of users doing x amount of searches per day. I know what I expect to see from Country X. If I see more than that outside of a safe threshold, I flag it and send it in for submission.

Maybe I'll run totally incoherent and bad ads that I know get 0% CTR, just as a honeypot to collect fraud data.

There's tons of ways to track this. Just think outside of the box.

[edited by: bakedjake at 6:56 pm (utc) on Jan. 14, 2005]

Webwork

WebmasterWorld Administrator webwork us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4300 posted 6:53 pm on Jan 14, 2005 (gmt 0)

61 clicks to 6,000, using multiple IP addresses? That's A) Stupidity (jacking clicks up 100 fold) and, B) Intelligence (Programmiing a bot and hiding behind multiple IP addresses). Something doesn't add up.

There's a saying in the law: "The essence of fraud is concealment." Either your fraudster is technically savvy whilst being procedurally dumber than a rock OR what we have hear is someone bombing some else's AdSense account for the purpose of putting a hurt on that person. The person who programmed the bot to click 6,000 times had to know the volume of clicks would set off alarms, unless that part of the brain in charge of 'looking at the big picture' had petrified.

This looks like an attempted AdSense account assassination. Would this more likely succeed than filing a report saying "Hey, the AdSense page violates the content requirement"?

bears5122

10+ Year Member



 
Msg#: 4300 posted 6:56 pm on Jan 14, 2005 (gmt 0)

How do you know they didn't or wouldn't have done if the advertiser hadn't phoned them so quickly?

I certainly don't know that. I do know that I've managed approximately $300,000 in PPC over the past few months and received $14 in credits from Google with their proactive approach to click fraud.

It's interesting to think that Google should be so proactive about clickfraud. I agree that I would like them to, but how many other companies do you know in the US that are proactive about auditing accounts and billing information, looking for people who pay too much, and then proactively giving them credits? Not many.

Brings up a very good point. In most industries, stopping fraud doesn't necessarily benefit the company. The only industry that I see that is very proactive is the credit card industry. Although, over time, you wonder when advertisers will simply dump content network and put that money in more reputable advertising. I've always felt that if you can't regulate your product, you shouldn't be offering it.

The biggest issue I have is the other lack of review to new Adsense clients. When I see some of the sites that have adsense on them, I'm shocked. It's certainly sad to see Kanoodle having stricter site guidelines than Google.

In the end, Google will continue their approach to click-fraud as a reactive measure. Those who are checking these issues are the minority of Adwords users, the majority still lies in novice users who don't realize they are being taken to the bank. Until fierce competition from other sources arise, or Adwords users wise up, fraud prevention will remain on the back burner.

StupidScript

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4300 posted 7:27 pm on Jan 14, 2005 (gmt 0)

how easy it was to figure out the big, simple stuff

Indeed, a tidy example of detective work, Jake.

And, of course, the devil is in the details ...

With many analysts reporting their impressions that click fraud makes up around 30% of all PPC expenditures, the really tricky part is detecting the rest of the culprits.

If you can identify and be reimbursed for, say, 5% of the fraudulent clicks you get on a daily basis, that's doing pretty well.

It'll probably be a couple more years before there are non-proprietary systems available that make a serious dent in identifying and documenting click fraud. Every one I've found to date have been remarkably flawed.

It's a pretty tough nut to crack.

bears5122

10+ Year Member



 
Msg#: 4300 posted 8:46 pm on Jan 14, 2005 (gmt 0)

I think signifigant opportunity will exist for "click auditors". These services have become very popular in the telcom industry.

Webwork

WebmasterWorld Administrator webwork us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4300 posted 9:29 pm on Jan 14, 2005 (gmt 0)

Whilst I really appreciate Jake's work explaining how he dealt with this I'm still mystified by the modus operandi of the bad actor.

Is this so clearly fraud verses an assault on someone running AdSense? Is this a competitor's assault on the keyword advertiser - burning up their budget for clicks - just to kill their account?

Fraud = concealment. Subtlety. Not 60 > 6,000 clicks. What type of fraud is so blatant? This looks more like malice. That is: Don't conceal, just hurt.

Are you all saying that the fraudsters, who can program bots or set them loose, using multiple IP addresses, can only think that far?

If they're that stupid so be it. In the end, from Jake's POV, it doesn't much matter - so long as the account is refunded. BUT . . .

Is it possible for Jake's competitor to attack him in a round about way by clicking on his company's AdSense ads? Can a bot be programed to do that?

Clark

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4300 posted 10:22 pm on Jan 14, 2005 (gmt 0)

Yeah, there's a ton you can do. Statisical probabilities, variances, even basic IP checking against an open proxy list. For example, I could approach it like this: I know Country X has x amount of users doing x amount of searches per day. I know what I expect to see from Country X. If I see more than that outside of a safe threshold, I flag it and send it in for submission.

Seems like a lot of work to spend money on advertising. I can understand why they don't want to allow advertisers to see the sites adsense shows up on, but this is clearly a growing problem they will have to deal with sooner or later. Reputations can be destroyed quickly, even for G.

pmkpmk

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4300 posted 10:47 pm on Jan 14, 2005 (gmt 0)

@webwork:

Sounds like a variant of a Distributed Denial Of Service (DDOS) attack to me. The person starting the attack and the person programming the bot (or the bot network on tons of infected PC of innocuous users) are most likely not the same.

I even doubt that the bot was specifically written for clicking ads. I rather think it is a multiple purpose bot, probably even remote-programmable by some instruction language, which is rented to whoever is willing to pay for it.

Remember the case where some betting offices (bookmakers) in the UK were blackmailed a few months ago. They were threatened to have their website shut down during racing season. This was done via remotely distributed bots on infected PC's.
I think it should not be a problem to do bots who can click ads too, and which get their commands via IRC channels.

So some unscrupulous brain programmed these bots. And some jerk had enough money to rent the bot network for ad clicking.

And then you have the combination of dumbness/greed on the side of the clickfraudster, and "evil genius" on the side of the programmer.

whoisgregg

WebmasterWorld Senior Member whoisgregg us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4300 posted 1:41 am on Jan 15, 2005 (gmt 0)

They want to sweep the 25-click fraud under the rug as if it were noise, even when it makes up a large fraction of total costs, as it does for low impressions/high CPC campaigns.

(my bold)

Your experience may not be representative of all adwords advertisers.

The only industry that I see that is very proactive is the credit card industry

Good point. Credit card companies only take action if the fraud is over a certain amount. They go after the "$1,000 at a Walmart" idiots, but fraudulent charges of $1 - $50 will NEVER be tracked down, it's cheaper to just refund the money to the cardholder.

Fraud = concealment. Subtlety. Not 60 > 6,000 clicks. What type of fraud is so blatant?

How would the fraudster know that the campaign was only getting 60 clicks a day? I agree they made grotesque mistakes, but there are campaigns that wouldn't notice an extra 6,000 clicks one day and they may have mistakenly thought Jake's was one of those. I'm pretty sure they didn't think that through, but the points still worth making.

whoisgregg

WebmasterWorld Senior Member whoisgregg us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4300 posted 1:48 am on Jan 15, 2005 (gmt 0)

Yeah, there's a ton you can do. Statisical probabilities, variances, even basic IP checking against an open proxy list. For example, I could approach it like this: I know Country X has x amount of users doing x amount of searches per day. I know what I expect to see from Country X. If I see more than that outside of a safe threshold, I flag it and send it in for submission.

Seems like a lot of work to spend money on advertising.

All advertising has a great deal of statistical and logging work done. Considering the accuracy which can be achieved with online tracking, it's actually less work than trying to achieve similar accuracy in any traditional advertising.

PatrickDeese

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4300 posted 2:06 am on Jan 15, 2005 (gmt 0)

I think the explanation is - possibly - that they might have been trying to burn through the budgets of the high bidders in order to give them cheap clicks over the weekend - and make money in the process.

If you were bidding 5 cents a click for "widgets" and there were 20 bidders above you, reaching upwards towards $5.00 a click - a little clickbotting might just shoot you into the top 3 with 10000 clicks or so.

You'd end up having a banner day both with adsense and through your adwords campaign.

Not the smartest implementation of the technique, obviously, since it threw up red flags for Jake (and likely many other advertisers).

This 60 message thread spans 2 pages: 60 ( [1] 2 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google AdWords
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved