homepage Welcome to WebmasterWorld Guest from 23.22.217.122
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Google / Google AdSense
Forum Library, Charter, Moderators: incrediBILL & jatar k & martinibuster

Google AdSense Forum

This 262 message thread spans 9 pages: < < 262 ( 1 [2] 3 4 5 6 7 8 9 > >     
How To Defend a Google AdSense Site From Click Bombing
jbayabas




msg:4651335
 12:20 pm on Mar 5, 2014 (gmt 0)

I may be a victim of clickbombing. I had an unusually high clicks in one of my sites yesterday.


28,520 page views and 437 clicks

This site usually only get 44 click on average.

I don't know what's going on and I don't know to find out if the clicks were valid.

What should i do on my end. I thought Adsense had a technology that filter invalid clicks.

 

jbayabas




msg:4652114
 9:40 pm on Mar 7, 2014 (gmt 0)

What's alarming is Google's silence. Perhaps, they don't want to alarm their shareholders. This sabotage seems to be serious. I hope Google figure out how to fix this soon.

netmeg




msg:4652122
 10:25 pm on Mar 7, 2014 (gmt 0)

They'd be worried about advertisers more than shareholders.

jbayabas




msg:4652130
 10:47 pm on Mar 7, 2014 (gmt 0)

Netmeg, is Adwords reporting also affected?

netmeg




msg:4652169
 1:47 am on Mar 8, 2014 (gmt 0)

Probably, but all my clients at the moment are B2B and none of them are advertising in the Display Network, so I can't say for sure. I know I get plenty of refunds at the end of the month just on search ads, so I have to think I'd probably be getting them in Display too.

Swanny007




msg:4652220
 5:46 am on Mar 8, 2014 (gmt 0)

I was "hit" again today with too many clicks. Mid-day one of my sites had a 50% CTR and another one had a higher than expected CTR, maybe 25%-ish.

An hour after noticing that, $150 in earnings were gone, CTRs dropped, and now everything looks 100% normal for the day.

Something is definitely up behind the scenes and Google is obviously aware of it, just not saying anything.

Honestly I can't say for sure it was click bombing because my logs are clean, nothing suspicious there. The only other possibility is the AdSense reporting is whacked big time. Like they rolled out some kind of algorithm on the AdSense side and it was bad. Given so many other folks are reporting fluctuating earnings and invalid clicks, I'm thinking the problem is on Google's end now.

jbayabas




msg:4652222
 5:50 am on Mar 8, 2014 (gmt 0)

One of my sites never got back to normal. The huge $500 earning is still there.

ken_b




msg:4652339
 7:19 pm on Mar 8, 2014 (gmt 0)

I asked this in the earnings/observations thread, but I'll ask here too.

What's the point of click bombing someone?

What benefit does the bomber get out of it?

(Yes, I got click-bombed this morning)

.

netmeg




msg:4652341
 7:55 pm on Mar 8, 2014 (gmt 0)

If it's really real clicks, it's probably aimed more at Google than at any of us.

But I'm increasingly thinking it's a reporting issue.

webcentric




msg:4652342
 7:59 pm on Mar 8, 2014 (gmt 0)

What's the point of click bombing someone?


The question may actually be, "Is this someone actually doing something or is it a simple (or maybe complex) bug in Google's own code?"

If it is a deliberate attack, perhaps it's a discovery process, or perhaps it's a coordinated effort to bring Google to it's knees. In a way, it looks like some grand scale DOS attack on an ad network. Or maybe guerrilla warfare would be a better analogy. Any way you slice it, it's an ugly situation. It it's a deliberate attack, this also could just be the "probing of the lines" phase. Hate to think of something worse waiting in the jungle, ready to launch a full out offensive once all the weaknesses have been exposed.

ken_b




msg:4652343
 8:00 pm on Mar 8, 2014 (gmt 0)

But I'm increasingly thinking it's a reporting issue.

Yeah, I wonder about that. The clicks keep adding up, even though the ad block has been gone for a couple hours, which could just be a delay in displaying the clicks in stats.

But in StatCounter my exit links are not showing these clicks at all.

adamxcl




msg:4652368
 10:37 pm on Mar 8, 2014 (gmt 0)

Got bombed again Friday. Third time in a week. Now, just after this last one, google.de shows up as alert that it is using my code and I didn't authorize it. Maybe they are doing some funky bookkeeping now.

tonyolm




msg:4652409
 5:27 am on Mar 9, 2014 (gmt 0)

Well I feel better now. I had some wild fluctuations in earnings for the last few days. Didn't know what may have been going on.

lzr0




msg:4652551
 11:28 pm on Mar 9, 2014 (gmt 0)

Guys, "saying me too" does not accomplish anything. Anyone tried to determine where are these "click bombs" originated?

Unfortunately, AdSense does not break down reports by IPs, but at least they do it by countries.
If go to Custom Channels in your AdSense account, select the day when you think you were targeted, and then go to Countries tab. You will see from country you get unusually high CTR.

In my case, I saw CTR from Denmark 300% while CTR from other countries was 3-5%. My statcounter confirmed one IP from Denmark visited many pages in my site, while other visitors visited just 1-2 pages. If you guys post your suspected source of this activity, we could see if is coming from one place or each of us has a different source.

Peanut45




msg:4652583
 3:54 am on Mar 10, 2014 (gmt 0)

I checked the stats for a few days ago when this happened again.

Country: US
Platform: Desktop
Ad network: Adwords
Bid Type: CPC
Ad types: Interestingly, split between text and images

The two affected ad units were created in April 2008.

I still think it's simply a glitch and not any kind of click-bombing.

lzr0, when were your affected unit(s) created?

webcentric




msg:4652725
 2:46 pm on Mar 10, 2014 (gmt 0)

Anyone tried to determine where are these "click bombs" originated


This question has been asked about both click-bombs and other invalid clicks and was one of my original suspicions because I block most non-us traffic and don't see this problem. I've seen replies that indicate that this can originate from the US just as well as anywhere else though.

G is admittedly constantly upgrading their click-fraud filters. When you're constantly changing your code, the possibility of introducing bugs just keeps going up. The glitch theory is gaining credibility in my mind but I also think you're asking the right kind of questions.

lzr0




msg:4652748
 3:07 pm on Mar 10, 2014 (gmt 0)

@Peanut45

Each of my pages has a separate AdSense channel; different ads were made at various years (some pages are 1 year old, some 10 years old). I know whenever click spikes occurred, ads on most pages were clicked because I saw hight CTR on most channels.

My AdSense reports showed high CTR specifically from Denmark while statcounter showed that someone from one Denmark IP visited 18 pages. All other visitors visited 1-3 pages. These two facts together make me believe it was not an AdSense glitch, but purposeful actions.

webcentric




msg:4652751
 3:39 pm on Mar 10, 2014 (gmt 0)

These two facts together make me believe it was not an AdSense glitch, but purposeful actions.


Question: Do you have any indication of what kind of time this visitor spent on the site? Did this happen in a matter of seconds or over a more human time frame?

Seems deliberate but the question is, is it a bot or a human and is this a click bomb or just a happy clicker? Some of these reported bombs equate to hundreds of clicks. I'm playing devil's advocate here because, I've also suspected place of origin where this discussion is concerned.

netmeg




msg:4652753
 3:39 pm on Mar 10, 2014 (gmt 0)

99% of my traffic comes from three countries - US, Canada and the UK. All the clickbomb activity (insofar as I can tell) comes from the US.

lzr0




msg:4652769
 4:50 pm on Mar 10, 2014 (gmt 0)

Question: Do you have any indication of what kind of time this visitor spent on the site? Did this happen in a matter of seconds or over a more human time frame?


My stats don't provide the length of individual visits (at least I could not figure out how to find it), but they do provide the OS and the dispaly size, which suggests a human. Yes, theoretically these clicks could be just a natural interest (maybe it's a kid). Those who report hundreds of clicks were probably affected by an automatic clicker.
It's pitty AdSense does not provide an option to block an IP.

jojy




msg:4652773
 5:41 pm on Mar 10, 2014 (gmt 0)

I am the victim of clickbombing since past 3 weeks. A bot is clicking on a single ads. I see over £60 earning in 30 mins and then within next few hours all earning is removed from my adsense account.

I found a US ip which were keep hitting my page, I blocked this IP but still no joy. For now, I have removed ads from my page.

ember




msg:4652776
 6:19 pm on Mar 10, 2014 (gmt 0)

How long can this attack, or whatever it is, go on?

netmeg




msg:4652813
 8:17 pm on Mar 10, 2014 (gmt 0)

Ok well by using a combination of Google Analytics and Piwik (or StatCounter) I believe I was able to nail down at least one piece of information. Unfortunately due to the charters of WebmasterWorld, I can't get into specifics, but I can tell you what I did.

So every time I noticed there was an inordinate number of clicks on one of my channels today, I went over to Google Analytics and looked in the Behavior section to find the page with the inflated click count. In the four situations that I managed to catch so far today, each was a taxonomy page that normally wouldn't have gotten many visits this time of year, let alone clicks. I then went back to Piwik to get the IP numbers of everyone who had visited that page today, and found one commonality (in this case, direct visits from a specific ISP in Ohio) with single page visits to all four pages today. That seemed odd, so I created a custom segment for direct visits via this particular ISP and checked it a couple other affected sites. Same thing. Now, I can't go back and look at previous dates because the fake earnings are taken out of Analytics just as they are out of AdSense, but I believe I have enough circumstantial evidence to warrant keeping an eye on this particular segment of traffic for a few days. (I also googled this ISP plus "bot" and found all kinds of old forum posts complaining about it, though none relating specifically to AdSense. It sounds like this ISP might be known for allowing some sketchy behaviors.)

So what I am going to do is have reports on this segment emailed to me every morning for a while to see if I can in any way determine if real humans are visiting via this ISP. (So far all the metrics for the visits, even going back into the past, are *exactly* the same - FF 18 browser, win7, 1024x768 resolution, etc etc - no variations. Each visit is only one page, although there are multiple visits per IP, and IPs do visit multiple pages - but never on the same visit)

Then I'm going to try blocking the ISP's entire IP block for a while, and see what happens. This is probably not ALL the invalid click activity, but I think it might be something. Maybe. Kinda.

I don't know yet if this is related to the click bombing or the invalid activity or both.

webcentric




msg:4652857
 11:15 pm on Mar 10, 2014 (gmt 0)

@netmeg -- That's a nice piece of detective work. Emphasizes that there is a small window of opportunity where this information is available for use in analysis. Maybe Google's been letting us see this data before eventually removing as a way of providing a clue to information they can't otherwise share with us (wild thought I know). That small window where the activity is being exposed to publishers, I suspect, has even more to reveal. Funny, the metrics indicate a desktop client which fits perfectly with some other observations made on this topic already. Anyone seen the box cover for this puzzle? LOL.

IanCP




msg:4652859
 11:24 pm on Mar 10, 2014 (gmt 0)

So what I am going to do is have reports on this segment emailed to me every morning for a while to see if I can in any way determine if real humans are visiting via this ISP

@netmeg you're a real thrilling detective - [that's a compliment Alice]

netmeg




msg:4652860
 11:38 pm on Mar 10, 2014 (gmt 0)

(ork ork) thanks...

When I mushed together all the data for all the visits from this ISP over the last 60 days, it boiled down to three IP numbers. Blocked.

We'll see what happens.

londrum




msg:4652867
 12:21 am on Mar 11, 2014 (gmt 0)

You know, of all the threads i've read in the past month that talk about click bombing, i haven't seen a single person say that they've been banned because of it. I got some crazy stats myself, and google told me not to worry about it. so I'm not worried about my crazy stats anymore. I dont think we need to do anything at all. Google seems to be aware that something is going on.

Personally, i think it might have something to do with this new click fraud company that they've bought. Maybe they are trying to integrate it, and its affecting their ability to filter all the usual fake clicks out. Instead of the clicks being discounted straight away, they are going through to our stats and dont get discounted until later. I reckon its just a simple reporting issue like that, and its making everyone panic unneccesarily

jojy




msg:4652868
 12:22 am on Mar 11, 2014 (gmt 0)

Can you post ip addresses so I can check them in my logs?

lzr0




msg:4652869
 12:36 am on Mar 11, 2014 (gmt 0)

I previously thought it was human, now I believe it is a bot. The stats show it visited every 1/2-1 hour during 24hr period visiting one page at a time without any referring url. The interesting thing is statcounter does not show google ad as an exit page. Apparently it somehow activates clicks without leaving the page.
The suspected IP 94.231.110.81 .
Unfortunately Yahoo hosting does not have an option to block IP. I guess I need to switch hosting.

webcentric




msg:4652870
 12:39 am on Mar 11, 2014 (gmt 0)

@londrum -- Can't say you don't have a pretty decent argument and others are making the same argument (myself included). But, this issue has caused an uproar and what was once mostly a dialog of panic and dismay is slowly becoming a more measured discussion. People have talked about making some rash decisions based on what's going on and I think some level-headed discussion is helping to remove some of the panic and perhaps keeping people from taking some unnecessarily drastic measures. One of the points that's come out several times is the one you're making. That being that Google doesn't seem to be putting this on publishers (other than what folks are seeing in the stats). Many may have seen the take-backs as some sort of unjustified punishment but the conversation here is pointing to something a bit more palatable. If nothing else, I think it's having a calming effect and many of us are in wait-and-see mode but also continuing to dig because we like puzzles I guess. ;)

Can you post ip addresses so I can check them in my logs?


I recall asking for anything specific (such as IP address, user agent or whatever) that would identify a culprit in this awhile back. Seems, it's taken this long for anyone to actually find a way to nail down a possible source. We'll see if it pans out but there may be ways we can address some of this on our own. Time will tell I guess.

webcentric




msg:4652871
 12:46 am on Mar 11, 2014 (gmt 0)

The suspected IP...


According to IP Tracker's Blacklist Checker, that IP is in Denmark but is not blacklisted. I used to get quite a few hacking attempts from Denmark and when I get a chance, I'm going to look at my firewall rules and see if I might have added that specific IP to a rule at some point.

ember




msg:4652878
 1:14 am on Mar 11, 2014 (gmt 0)

99% of my traffic is from the U.S. The last few days I've had IPs from Russia and the Netherlands and a Washington IP that is generating a lot of pageviews every day. I've blocked them all, but I'm still seeing wild fluctuations.

This 262 message thread spans 9 pages: < < 262 ( 1 [2] 3 4 5 6 7 8 9 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google AdSense
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved