| 3:10 pm on Dec 7, 2009 (gmt 0)|
Have you taken down the search channel? That's the first thing I'd do.
Other than that, can't help you, but if you leave it up you risk Google seeing you as being involved.
| 3:38 pm on Dec 7, 2009 (gmt 0)|
As purplecape said, take it down immediately... as in right now.
| 3:39 pm on Dec 7, 2009 (gmt 0)|
I am sure that your local police will not be at all interested but I think at least having a record of a formal crime report is a good idea.
| 3:40 pm on Dec 7, 2009 (gmt 0)|
Remove the search box. It'll cost you money, but that's better than being banned. In fact, I'd remove any and all monetization from your site in the short term, because that person will likely be angry when the search is gone.
Gather up your server logs and see if you can identify IP numbers. If it's just one IP, or a block of IP numbers, maybe you can block them at the server level. If it's a bunch of them, you probably can't. (They could also be coming through proxy servers)
Send the whole shmear to AdSense support for investigation. Be prepared to lose that extra revenue.
| 3:42 pm on Dec 7, 2009 (gmt 0)|
And you don't "work it out with google." They'll work it out with you, if they see fit. You need to show some serious good faith gestures on your part before any of this will even happen though. Take down your search. If you have adsense ads, remove them. Be prepared to show server logs and kiss big time ass and you might be okay.
I've seen people banned for far less.
| 3:43 pm on Dec 7, 2009 (gmt 0)|
and what netmeg said...
| 4:00 pm on Dec 7, 2009 (gmt 0)|
Block the IPs generating this traffic too, send the letter to their ISP and possibly get them kicked off the web for an AUP violation as extortion is an illegal activity.
If you're in the US and they are too, the police can handle this easily.
If they're in a different state it's a federal issue, imagine when the FBI drops in for a chat with them ;)
| 5:03 pm on Dec 7, 2009 (gmt 0)|
I would block them via IP if possible and reply with a image of a middle finger... ;-)
[ok, so I'm making that up]
But do block them via IP and then report them to your local police for attempted extortion. Collect as much info as you can to aid in their investigation.
| 5:24 pm on Dec 7, 2009 (gmt 0)|
Thanks for the input everyone. Pulled AdSense for search and in the process of pulling the rest of click and impression ads to be replaced by sale based advertisements. Fired off an additional report of fraudulent clicks. Working to weed down the several GB's of logs over that date range to try to identify the offending IP address(es). Email was sent from Algeria. Extortion demand was to send money to Algeria. I seem to doubt that either local or federal authorities would be interested.
| 5:36 pm on Dec 7, 2009 (gmt 0)|
Well you sound like you're on top of it Chrispcritters.
Good luck and keep us posted.
| 5:46 pm on Dec 7, 2009 (gmt 0)|
I've have never had an extortion attempt but I have had a weird spike of traffic from a spam site to one of my more lucrative pages. The spam site didn't seem to rank for anything so it must have been some kind of fake traffic. I never did figure out their motive.
As others have recommended here, I blocked the site generating the traffic spikes and took Adsense off of the pages they targeted for awhile until they got bored and moved on. That seemed to work out. I lost some money for awhile on those pages but better that than to lose my whole Adsense account.
| 6:09 pm on Dec 7, 2009 (gmt 0)|
|Extortion demand was to send money to Algeria. I seem to doubt that either local or federal authorities would be interested. |
Don't be so surprised, think DHS, online cyber attacks are a real concern.
I would block Algeria in your .htaccess file for now to make sure they stay away.
| 6:20 pm on Dec 7, 2009 (gmt 0)|
Algeria is very strict ..they would be interested ( administrative languages are Arabic and French )..some English is spoken by some ..especially in govt departments ..and the people who deal with the web and ISP's there do understand written English as all their back end software stuff is in English ..
| 6:25 pm on Dec 7, 2009 (gmt 0)|
|Don't be so surprised, think DHS, online cyber attacks are a real concern. |
I should think that extortion demands would be a concern for Google, too, since they threaten the integrity and profits of the AdSense network. (Remember a few years ago, when Google cooperated with the feds to nail a guy who tried to extort money from Google?)
| 6:35 pm on Dec 7, 2009 (gmt 0)|
Sounds like we should all block Algeria. I know that these losers do not mean that all Algerians are bad people, but better to not take the chance.
| 6:36 pm on Dec 7, 2009 (gmt 0)|
If you know the originating ISP in Algeria..? or have the IP of the person who sent the the mail ..
And wish to contact me with them via sticky ( I dont need to know your site )..I can Phone the ISP tomorrow from here ( France ) to find out who you should forward a copy of the extortion mail to ..
extortion translates ( roughly ) as chantage in french
| 6:38 pm on Dec 7, 2009 (gmt 0)|
I can easily block the IP address used to send the email. Most of my traffic is international so I'm not ready to start blocking whole countries. I suspect that thousands of clicks would not have been "paid" if they all came from the same IP address. I suspect they're using a botnet. I won't be sure until I have time to dig through the logs.
[edited by: Chrispcritters at 6:44 pm (utc) on Dec. 7, 2009]
| 6:43 pm on Dec 7, 2009 (gmt 0)|
Leosghost, you ROCK! ;-)
| 6:45 pm on Dec 7, 2009 (gmt 0)|
Your logs may or may not show a thing.
If you don't have AdSense locked down to only accept clicks from your domain(s), they can simply copy a page from your site to somewhere else and then abuse it at will.
I would check to see if any URLs appear in AdSense channel reports that don't belong to your site.
| 6:46 pm on Dec 7, 2009 (gmt 0)|
Yeah, it wasn't locked down. It is now. That's a good idea to check.
| 6:48 pm on Dec 7, 2009 (gmt 0)|
|they can simply copy a page from your site to somewhere else |
incredibill makes a good point, and it could be a lot more than a single page that gets copied.
You might also want to fire up the "Allowed Sites" feature if you haven't already.
| 6:55 pm on Dec 7, 2009 (gmt 0)|
Since I don't see the revenue on my analytics account would that lead everyone to think they just ran the code on their own domain?
| 7:38 pm on Dec 7, 2009 (gmt 0)|
|Today I received an extortion letter indicating they'd stop if I pay them half the money. Otherwise they'd continue and get my account banned. |
That type of email makes me think you are not the only one they are trying extort. Why would they go through that for one website. How much can they posibly extort from you?
I think Google already has their sites on them.
| 1:10 am on Dec 8, 2009 (gmt 0)|
like someone said.. if it is across state lines call your local FBI outlet... they might just be interested in a good electronic black mail case.
| 5:14 am on Dec 9, 2009 (gmt 0)|
Maybe I'm missing something here but couldn't you send a copy of the email to Adsense? Just to show them proof of something going on? Isn't there a person from Adsense who often responds to this board? I would like to know what they have to say?
| 12:28 pm on Dec 9, 2009 (gmt 0)|
|but couldn't you send a copy of the email to Adsense? |
Maybe you could and then meet indifference, you could also meet a team totally frustrated by stupidity.
Until the world as a whole, agrees to block entirely some well known nations for allowing scammers.
Nothing will change!
| 12:50 pm on Dec 9, 2009 (gmt 0)|
I would be very surprised if you could work something out with adSense. I would suggest remove all ads from the site and wait for a couple of weeks, frustrate the extortionist ( as he goes to some other site ) and then put the ads back and hope for the best.
Unless you are premium publisher or some one with a good working relationship with the adSense team, you run the risk of being banned. The adSense team is not known to communicate well, listen to reason or apply any logical reasoning. At times their actions are bizzare and they take decisions to protect the integrity of their advertisers at the cost of any and every publisher. So be careful.
| 11:44 pm on Dec 9, 2009 (gmt 0)|
Just got a follow up letter from the extortion people. Even though I disabled all adsense on the site and set my account to only track clicks on my own domains they were still able to generate clicks. It's not being done on my server as there is no corresponding log entry. Google has not responded to any of my contact requests...
| 12:18 am on Dec 10, 2009 (gmt 0)|
Is there *any* chance you have been hacked? If you set your account not to display ads under your code on any other domains, then I don't know how else they'd be able to click. Make sure you exclude Google cache as well.
| This 42 message thread spans 2 pages: 42 (  2 ) > > |