homepage Welcome to WebmasterWorld Guest from 54.204.94.228
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Google / Google AdSense
Forum Library, Charter, Moderators: incrediBILL & jatar k & martinibuster

Google AdSense Forum

    
Bot Net Click Fraud
A Threat To Adsense
Iguana

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 14098 posted 9:58 am on May 16, 2006 (gmt 0)

A Bot Net was observed cliking on Adsense adverts, as reported in The Register:

[theregister.co.uk ]

Imagine how hard it would be for Google to detect this.

 

Hobbs

WebmasterWorld Senior Member hobbs us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 14098 posted 10:11 am on May 16, 2006 (gmt 0)

I think Google is competent enough to automatically detect and discount such clicks, hate to think what will happen if:

a) One of the compromised PCs belongs to one of us publishers :) No looking back on this one!

b) The compromised PCs are in the tens or hundreds of thousands, imagine all the valid clicks that would be discounted along with the fake ones, major loss for all.

Few lawsuits and serious jail time should set a good example.

larryhatch

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 14098 posted 10:27 am on May 16, 2006 (gmt 0)

They got lucky with this perp, he left some doors open so they got the goods on him.
I'd bet somebody can count on major jail time.
Can't count on that every time. I suppose G could simply follow the money,
i.e. see who's sites are getting the pre-arranged clicks and take it from there.
It must be laborious, but machine doable. -Larry

DamonHD

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 14098 posted 11:54 am on May 16, 2006 (gmt 0)

Hi,

There are many realtime ways to detect bot/compromised machines, such as SPAMHAUS's xbl DNS list.

I don't even let such compromised machines see most of my main site with AW on, and I'm sure that G must have at least as many tools as I do to detect this! B^>

Rgds

Damon

Jafo

5+ Year Member



 
Msg#: 14098 posted 1:36 pm on May 16, 2006 (gmt 0)

It would not be difficult at all to write up a bot that adsense would have no clue on what is going on.

I would rather not be the inspiration of such things, but if anyone here thinks Google can catch everyone doing this, they are nuts.

Hobbs

WebmasterWorld Senior Member hobbs us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 14098 posted 1:50 pm on May 16, 2006 (gmt 0)

Lookup Google's market cap and tell me if you still think I am nuts saying that whatever can be done they can to defend that much business. This forum is littered with people that underestimated Google's capacity.

Jafo

5+ Year Member



 
Msg#: 14098 posted 3:54 pm on May 16, 2006 (gmt 0)

Look how much money banks put into security, and they get robbed every day.

Demaestro

WebmasterWorld Senior Member demaestro us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 14098 posted 4:13 pm on May 16, 2006 (gmt 0)

Hobbs... Don't give Google too much credit this was reported to them by the SANS Institute Google didn't catch this themselves. I am not underestimating their abilities but I am not going to dismiss this as something they will just figure out.

Everytime they close one of these holes someone finds another to open. And with every hole that gets closed usually some feature is closed with it.

hyperkik

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 14098 posted 4:42 pm on May 16, 2006 (gmt 0)

The fact that The SANS Institute reported this discovery to Google doesn't mean either that Google discovered or did not discover the abuse on its own. It also does not mean that Google could not have, or would not have, discovered the abuse on its own.

To successfully get away with this type of abuse on any significant scale, you would need to have tens of thousands of computers involved, and would need to be recruiting corrupt AdSense publishers in a way that drew no attention from Google, from anybody who would report the activity to Google, or from law enforcement. Even if we assume that Google was clueless until it received the report, this incident demonstrates that it isn't necessarily easy to stay below everybody's radar.

Demaestro

WebmasterWorld Senior Member demaestro us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 14098 posted 4:50 pm on May 16, 2006 (gmt 0)

hyperkik you are right, Google would have most likely stumbled across this at some point and your point about it not being easy to stay below everybody's radar is a great one. The problem is how long does it go on before a bleep comes on on someones radar screen and how much damage can be done in that time.

You mentioned that you would need 10s of thousands of computers involved to do this, I think that is a little high but still Microsoft and their Windows product has seen to it that someone can "commendere" this many computers, and it isn't even that hard to do. I agree that recruiting current adsense members would be a tough thing to do without exposing yourself, but why do that when you can recruit new people to get Adsense accounts for this purpose alone.

Not sure what this all means but I hope these types of abuses don't end up folding the PPC ad model of the net. I still think for every Adsense scam we find there are 2 we haven't.

Hobbs

WebmasterWorld Senior Member hobbs us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 14098 posted 4:57 pm on May 16, 2006 (gmt 0)

Add to hyperkik's point that Google's anti fraud operates in total radio silence, part of their success depends on it.

I am not saying Google is not vulnerable, no one is or will ever be that powerful, I am only saying that if anyone can do it, Google can and my money literally is on them any time any day until I see otherwise.

jomaxx

WebmasterWorld Senior Member jomaxx us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 14098 posted 5:24 pm on May 16, 2006 (gmt 0)

I think there's a certain vulnerability to sheer vandalism, but so what? A network of slave computers could just as easily launch a DDOS attack on any site in the world. The Web comes with certain security holes and you just have to live with them.

As for someone putting together a project like this for profit, I doubt very much that could work in any significant way. One way or another it would come to Google's attention long before they cut the fraudster a check.

gregbo

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 14098 posted 8:41 pm on May 16, 2006 (gmt 0)

Lookup Google's market cap and tell me if you still think I am nuts saying that whatever can be done they can to defend that much business. This forum is littered with people that underestimated Google's capacity.

It's not that we are underestimating G's capacity. It's that some of us recognize a problem that can't be (perfectly) solved. No one doubts that G can detect SOME click fraud; we are arguing that they cannot detect ALL click fraud (and that which is undetectable could be quite costly).

gregbo

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 14098 posted 8:49 pm on May 16, 2006 (gmt 0)

Not sure what this all means but I hope these types of abuses don't end up folding the PPC ad model of the net. I still think for every Adsense scam we find there are 2 we haven't.

Having to employ cybercops to detect PPC clickbots (on top of the other malware spread already being detected) doesn't make PPC look particularly endearing (IMO). PPC is supposed to make advertising easier and cheaper, at least according to its proponents. However, as more light is shined on the click fraud issue, we learn that it's actually quite time- and cost-intensive (except for those big-budget advertisers).

Jafo

5+ Year Member



 
Msg#: 14098 posted 10:21 pm on May 16, 2006 (gmt 0)

and would need to be recruiting corrupt AdSense publishers in a way that drew no attention from Google

Recruit? Why? They would just grab pub-id's all over the net and add them to the pool. If your scummy enough to hijack computers, what do you care about getting people involved in your scam via their adsense account ID?

There have been botnets found ranging into the hundreds of thousands.

And going to jail? Do you think the same person who sends you the "I am an overthrown dictator from Nigeria" email is worried about google prosecuting them?

jomaxx

WebmasterWorld Senior Member jomaxx us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 14098 posted 10:49 pm on May 16, 2006 (gmt 0)

Um, did you look at that Register article? Immediately below it there's a link to another article: "Botnet master jailed for five years".

BillyS

WebmasterWorld Senior Member billys us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 14098 posted 11:32 pm on May 16, 2006 (gmt 0)

>>Lookup Google's market cap and tell me if you still think I am nuts saying that whatever can be done they can to defend that much business.

I agree. They should defend this ruthlessly and as an advertiser I hope they do. That being said, click fraud hurts us all because it lowers the value of a real click.

AdSenseAdvisor

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 14098 posted 11:07 pm on May 17, 2006 (gmt 0)

We continually upgrade our detection mechanisms to proactively combat invalid activity and are aware of botnets/automated bots as a method to commit click fraud, and our systems are effective in detecting and filtering these clicks. In addition, we disable publishing accounts found violating our invalid click policies.

Iguana

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 14098 posted 11:55 pm on May 17, 2006 (gmt 0)

ASA

I am sure you have very good detection mechanisms. I sometimes wonder if you are building a database of honest webmasters vs cheaters! (we get so many I've been banned posts here). My worry is that some scum may destroy the income that you give to so many good websites (as well as your own income).

[edited by: jatar_k at 6:59 pm (utc) on May 22, 2006]
[edit reason] removed ot portion [/edit]

toldan



 
Msg#: 14098 posted 5:13 am on May 18, 2006 (gmt 0)

A Bot Net was observed cliking on Adsense adverts, as reported in The Register:
[theregister.co.uk...]

Imagine how hard it would be for Google to detect this.

How many innocent publishers will be banned because of these illegal bot nets who click on ads without any interest?

Lagamorph

5+ Year Member



 
Msg#: 14098 posted 8:30 am on May 18, 2006 (gmt 0)

It's pretty amusing that this article has google ads with the titles

Make money with traffic, Absolute Highest Payouts, and of course, Show Google Ads. It seems the google algorithms includes a sense of humor.

percentages

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 14098 posted 8:39 am on May 18, 2006 (gmt 0)

>We continually upgrade our detection mechanisms to proactively combat invalid activity and are aware of botnets/automated bots as a method to commit click fraud, and our systems are effective in detecting and filtering these clicks.

I'm sure they are.....and they should be. Hitting publishers for botnet activity would be futile and I personally know that Google handles it well :) Often when we publishers let it slip for a few days!

>In addition, we disable publishing accounts found violating our invalid click policies.

Now why did you feel it necessary to post that comment?

activeco

10+ Year Member



 
Msg#: 14098 posted 11:31 am on May 22, 2006 (gmt 0)

...and are aware of botnets/automated bots as a method to commit click fraud, and our systems are effective in detecting and filtering these clicks.

Why don't you sue at least such large scale cons?
They not only fraud advertisers, they damage the trust of Google too.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google AdSense
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved