homepage Welcome to WebmasterWorld Guest from 54.211.213.10
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Google / Google AdSense
Forum Library, Charter, Moderators: incrediBILL & jatar k & martinibuster

Google AdSense Forum

This 262 message thread spans 9 pages: < < 262 ( 1 2 3 4 5 6 7 [8] 9 > >     
How To Defend a Google AdSense Site From Click Bombing
jbayabas




msg:4651335
 12:20 pm on Mar 5, 2014 (gmt 0)

I may be a victim of clickbombing. I had an unusually high clicks in one of my sites yesterday.


28,520 page views and 437 clicks

This site usually only get 44 click on average.

I don't know what's going on and I don't know to find out if the clicks were valid.

What should i do on my end. I thought Adsense had a technology that filter invalid clicks.

 

jbayabas




msg:4659544
 4:51 pm on Apr 2, 2014 (gmt 0)

Right now my site is redirected from www.example.com to example.com. I wanted it to be the other way around but for some reason it is not possible without crashing everything.


Are you using Wordpress? Go to General Setting, under Site Address and Wordpress Address fields, input www.example.com

Sites www and without www are two different sites which should be included on your authorized lists.

webcentric




msg:4660018
 6:16 pm on Apr 3, 2014 (gmt 0)

I'm just about 100% sure that some invalid clicks (call it a click bomb if you like) came from a cloud host in New York called DigitalOcean. This hosting company is mentioned more than once in the Search Engine Spider and User Agent Identification Server Farm threads so it appears to be a problem generally. Here's the first ranges I've identified but there are others as well. It's worth checking your logs for IP's in this range. Search DigitalOcean here on WebmasterWorld for more info.

198.199.64.0/18
198.211.96.0/19 -- Corrected
192.34.56.0/21

[edited by: webcentric at 6:44 pm (utc) on Apr 3, 2014]

Lame_Wolf




msg:4660021
 6:32 pm on Apr 3, 2014 (gmt 0)

webcentric, I think you'll find it's 198.211.96.0/19 not /18

webcentric




msg:4660024
 6:46 pm on Apr 3, 2014 (gmt 0)

Thanks Lame_Wolf -- corrected that above after re-checking ARIN. Think I typo'd that.

Lame_Wolf




msg:4660026
 6:57 pm on Apr 3, 2014 (gmt 0)

No problem :)

EmptyRoom




msg:4660516
 9:51 pm on Apr 4, 2014 (gmt 0)

I banned an IP range that was suspicious to me via cPanel (IP Deny Manager). Is that enough? I'm not really sure if it works, but the folks from my hosting company said that it should be enough to prevent anyone using IPs from the range I banned to access my sites.

Anyone done it this way?

HowYesNo




msg:4660968
 9:58 pm on Apr 6, 2014 (gmt 0)

bots are back again, tons of invalid clicks on all sites, and i'm using anti-aws htaccess code, well it was good while it lasted

webcentric




msg:4661004
 3:16 am on Apr 7, 2014 (gmt 0)

@HowYesNo et al

This problem is much larger than AWS. Look, there are collocation facilities all over the world, cloud hosts, traditional hosting companies, etc. Any one of them can host a bad bot. Over in the
Search Engine Spider and User Agent Identification forum, you'll find an ongoing thread dedicated to Server Farms which is a sort of a catchall term for these types of operations. Here's the forum link.

[webmasterworld.com ]

So, the bottom line is, if you really want to stop this, you're gonna have to educate yourself about this kind of threat. These types of facilities aren't Internet Service Providers (which send real people to your website). They are homes for websites and programs (like spiders and robots and crawlers, oh my) which, at best, have no real bearing on the operations of your website, or, on the darker side, are capable of causing your Adsense account to go into spasms, scraping your content, burning your bandwidth and other server resources and generally messing up your day.

It's a big subject but one thing I've found already is that if you can start by blocking countries that don't fit into your business plan, you'll eliminate large numbers of these Server Farms without ever having to identify them individually. And that's just the tip of the iceberg but it's as good a place as any to good start.

sise




msg:4662266
 8:17 am on Apr 11, 2014 (gmt 0)

Hi I'm new to this forum. First of all I'd like to thank all the people who've been sharing their expertise, helping everybody out through the click bombing in March.

I've been blocking IPs like crazy and my Adsense account improved some but not quite. Now I've discovered that I've been manually targeted too. I think it's manual because it comes mainly from search and follows different patterns.

It's traffic coming from India and Indonesia (which is like a joke for my website). They use Opera Mini as a browser with Opera Software ASA as their service provider and it's been going on since the beginning of the year.

Just ckeck if you are getting any suspicious activity coming from Opera Mini + Opera Software ASA. This might be a widespread kind of click fraud.

sise




msg:4662268
 8:58 am on Apr 11, 2014 (gmt 0)

If you block them, they try to access your ads from Google cache. So make sure you block webcache.googleusercontent.com in your Adsense account.

netmeg




msg:4662307
 12:45 pm on Apr 11, 2014 (gmt 0)

Or use NOARCHIVE. As far as I'm concerned, there's absolutely no reason for Google to keep a cache of my pages (particularly since they are time sensitive) so I have every page on almost every site noarchived.

sise




msg:4662350
 4:27 pm on Apr 11, 2014 (gmt 0)

Thanks Netmeg. I'm going to do that. That way they'll get no access whatsoever to my site and they'll have to give up.

It's been a steady 1000 visits/month since January 4. Not a lot, given the volume of traffic that I get but enough to cause a lot of harm. It's like zero visits before that date and all of a sudden there's a regular influx of visitors from those countries.

sise




msg:4662680
 1:12 am on Apr 13, 2014 (gmt 0)

I banned Opera Software ASA and am not serving ads to mobile. Most of the traffic from India vanished, but now I'm getting lots of weird desktop visits from Nigeria, Ucraine, Thailand... so it seems that it goes on, and on, and on. I'm blocking all those countries in DFP. We'll see if that works.

webcentric




msg:4662682
 2:23 am on Apr 13, 2014 (gmt 0)

Most of the traffic from India vanished, but now I'm getting lots of weird desktop visits from Nigeria, Ucraine, Thailand


What area of the world are you actually interested in doing business with (e.g. serving ads to)? Is your site even applicable to people in those countries? Blocking countries in DFP (whatever that means, I'm no DFP expert) won't keep people from those countries off your site. You can block a great deal of Africa and South America with a few simple lines in your .htaccess file. Blocking countries in Asia or Europe or North America (if you really wanted to) is a bit more complex but it is possible to trim the world down to a size that's acceptable for your business model. Any kind of blocking strategy should begin by considering the scope of your target audience. Why bother blocking a hosting company in Nigeria for example if you have no interest in traffic from south of the Equator? So, back to my initial question. What part of the world are you interested in marketing to?

sise




msg:4662705
 10:46 am on Apr 13, 2014 (gmt 0)

Hi webcentric, thanks for replying. My site is educational/cultural. I'm making ad money from Western Europe and the Americas and that's where most of my traffic comes from. But then I've got a small but very engaged readership in other countries. It's no problem to block ads there because I'm not getting any money from them anyway but it'd be wrong to ban access to my contents since it's still important that, say, a Russian professor is able to point her students to my site for reference.

Things were working out quite well until recently. People were getting free contents, I was getting ad money (and building authority) and everyone was happy. But now this whole click-fraud thing is draining so much time and attention from my aim, which is writing, that I'm considering giving up Adsense entirely and looking for other ways of monetization.

netmeg




msg:4662712
 1:27 pm on Apr 13, 2014 (gmt 0)

Can't hurt to do that anyway.

sise




msg:4662722
 2:46 pm on Apr 13, 2014 (gmt 0)

Thanks netmeg. I've been reading what you said about building your own mailing list and I've started already. My SERPS used to be very good but since this Adsense crisis began they've become less reliable. I wonder if both things are related.

netmeg




msg:4662766
 11:40 pm on Apr 13, 2014 (gmt 0)

I got 99 problems but SERPs ain't one.

Jaxer




msg:4663197
 4:40 pm on Apr 15, 2014 (gmt 0)

Got to say I appreciate everyone's posts on here. Your experience is my education.

Do have one amateur question for sise, How were you able to block/Ban Opera Software ASA? thanks

IanTurner




msg:4663327
 6:51 pm on Apr 15, 2014 (gmt 0)

Also seeing this happening to my Adsense - it is most noticeable early in the reporting day for Adsense and then tends to even itself out.

I've seen it for much of this year - didn't notice it on Adsense prior to that, but have noticed wierd results on Analytics experiments - I tend to segment into Mobile, Desktop and Tablet and the unusual behaviour seemed to show in the tablet segment (where numbers are small), with tablet results for an experiment often being the opposite of those for desktop and mobile.

sise




msg:4663363
 9:50 pm on Apr 15, 2014 (gmt 0)

I'm banning IPs in IPtables since this should be faster than .htacces. You just need to ssh into your server and copy/paste the following:

sudo iptables -A INPUT -s XXX.XX.XXX.XX -j DROP

Substitute an IP or CIDR for XX.

Are you guys seeing these manual clickers from exotic countries?

Jaxer




msg:4663522
 2:19 pm on Apr 16, 2014 (gmt 0)

I was kinda hoping you had the CIDR range and could share. Searched for it here and was unable to. I have over 60 individual hits each day with 100% Bounce rate and shows it has not spend anytime at all. Most are from Mobile carriers. Its the ones like Opera Software ASA that visit more than once with 100% bounce rate that annoys me.

I see revenue and clicks disappearing everyday more than once a day... hoping to figure some of this out.

webcentric




msg:4663535
 2:37 pm on Apr 16, 2014 (gmt 0)

I was kinda hoping you had the CIDR range


Take the IP address from one of these hits and put it into ARIN's Whois search field and click enter. ARIN may tell you to see another RIR but it's a start anyway. Repeat for other hits from other IP's not in the range returned by the Whois query. If you stumble across a server farm while doing this, do a search for that server farm (e.g. colo facility, cloud host, etc.) here on WebmasterWorld and you'll probably find a discussion on that server farm complete with ranges. That process can help you find a lot of the information you seek.

netmeg




msg:4663549
 3:26 pm on Apr 16, 2014 (gmt 0)

A CIDR range for Opera? Am I misunderstanding? Opera is a browser identifier and CIDR refers to IP numbers.

webcentric




msg:4663613
 7:36 pm on Apr 16, 2014 (gmt 0)

I took the question to be based on invalid click activity which points to bots. That led me to my current reaction which is to see where this is coming from. So, I'd look for common IP addresses or blocks associated with this user agent if the user agent seems suspiciously active. The user agent may be raising red flags because of it's frequency in the logs or whatever but it's where the visit hails from that really cuts to the chase more often than not.

sise




msg:4663616
 8:28 pm on Apr 16, 2014 (gmt 0)

@jaxer: you just need to google for it and you'll get the most updated version. It's really best for you to look up yours since they can be different from mine.

sise




msg:4663617
 8:35 pm on Apr 16, 2014 (gmt 0)

@netmeg: the thing is Opera Mini browser uses Opera servers as a proxy. They fetch a webpage for you and serve an optimized version of it. Adsense was initially reluctant to serve ads to Opera Mini because that kind of thing raised fraud concerns. You can ban it because no one uses that browser these days.

This is different from bots. It looks like humans accessing webpages through search or direct traffic from countries like India, Indonesia and Nigeria. They probably game Adsense into believing the ads are served to high-paying countries. Otherwise it'd make no sense to have people clicking on ads in countries were there's no advertising revenue.

Jaxer




msg:4663704
 1:19 am on Apr 17, 2014 (gmt 0)

Appreciate the help. Thank You for all the responses.

I have been looking in my Google analytics and find the names like "a100 row servicos de dados brasil ltda" has come to my site 13 times, spent no time and shows a 100% bounce rate.(does not show IP) I searched Here and came up empty, a quick Bing search shows:
ec2-177-71-197-231.sa-east-1.compute.amazonaws.com, www.amazon.com

So I grabbed an IP (from the list), put it into ARIN(like webcentric said to do) and it spits out:

CIDR 177.0.0.0/8

So I add this to my ever Growing DENY List.

I am hoping I am doing this right, is there anything I am missing. Thanks again for all the replies.

wa desert rat




msg:4663877
 4:31 pm on Apr 17, 2014 (gmt 0)

Denying 177.0.0.0/8 will block every user from Brasil Telecom to your website. Your potential abuser was from the Brazil Amazon AWS system and those can be blocked separately by entering this CIDR instead: 177.71.128/17

Unless, of course, you don't want anyone who subscribes to the Internet using Brasil Telecom (most of Brazil) looking at your website. I have had systems where I blocked all of Russia, all of China, all of Korea, etc. It depends upon what you want.

The IP address you posted should be restated 177.71.197.231 and then entered into the ARIN whois search window (or just type "whois 177.71.197.231" into the command line of a Linux computer) to return the listing for Amazon AWS in Brazil.

There is an abuse email address for that subnet also. By rights you should email them and let them know what you're doing and why. Maybe they'll fix it. Although I have sent hundreds of emails to abuse addresses and have never once had them even acknowledge it let alone tell me they've fixed it.

Craig

webcentric




msg:4663918
 7:10 pm on Apr 17, 2014 (gmt 0)

@Jaxter When you ran your query in ARIN, you might have noticed that the returned record says "Allocated to LACNIC." With that information, you can jump over to the LACNIC whois search page and re-run the query there. ARIN told you where the records for the entire /8 block are maintained in this case. If you want to get more granular, you need to consult the registry that maintains the records. Having said that, I block everything from 177/8 but you may or may not want to do that.

Here is the IANA IPv4 Address Space Registry report [iana.org] which tells you which registries maintain which /8 blocks. Below are links to each of the 5 registry Whois pages.

AFRINIC [afrinic.net]

APNIC [wq.apnic.net]

ARIN [whois.arin.net]

LACNIC [lacnic.net]

For some reason bbcode doesn't like the https in the following URL
RIPE NCC -- https://apps.db.ripe.net/search/query.html

not2easy




msg:4663978
 12:29 am on Apr 18, 2014 (gmt 0)

Just a tip for OSX users - the Network Utilities App included with the OS offers you a desktop Whois for ARIN, RIPE and APNIC. It has been so handy when finding out who is where and what to block.

This 262 message thread spans 9 pages: < < 262 ( 1 2 3 4 5 6 7 [8] 9 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google AdSense
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved