| 4:51 pm on Apr 2, 2014 (gmt 0)|
|Right now my site is redirected from www.example.com to example.com. I wanted it to be the other way around but for some reason it is not possible without crashing everything. |
Are you using Wordpress? Go to General Setting, under Site Address and Wordpress Address fields, input www.example.com
Sites www and without www are two different sites which should be included on your authorized lists.
| 6:16 pm on Apr 3, 2014 (gmt 0)|
I'm just about 100% sure that some invalid clicks (call it a click bomb if you like) came from a cloud host in New York called DigitalOcean. This hosting company is mentioned more than once in the Search Engine Spider and User Agent Identification Server Farm threads so it appears to be a problem generally. Here's the first ranges I've identified but there are others as well. It's worth checking your logs for IP's in this range. Search DigitalOcean here on WebmasterWorld for more info.
188.8.131.52/19 -- Corrected
[edited by: webcentric at 6:44 pm (utc) on Apr 3, 2014]
| 6:32 pm on Apr 3, 2014 (gmt 0)|
webcentric, I think you'll find it's 184.108.40.206/19 not /18
| 6:46 pm on Apr 3, 2014 (gmt 0)|
Thanks Lame_Wolf -- corrected that above after re-checking ARIN. Think I typo'd that.
| 6:57 pm on Apr 3, 2014 (gmt 0)|
No problem :)
| 9:51 pm on Apr 4, 2014 (gmt 0)|
I banned an IP range that was suspicious to me via cPanel (IP Deny Manager). Is that enough? I'm not really sure if it works, but the folks from my hosting company said that it should be enough to prevent anyone using IPs from the range I banned to access my sites.
Anyone done it this way?
| 9:58 pm on Apr 6, 2014 (gmt 0)|
bots are back again, tons of invalid clicks on all sites, and i'm using anti-aws htaccess code, well it was good while it lasted
| 3:16 am on Apr 7, 2014 (gmt 0)|
@HowYesNo et al
This problem is much larger than AWS. Look, there are collocation facilities all over the world, cloud hosts, traditional hosting companies, etc. Any one of them can host a bad bot. Over in the
Search Engine Spider and User Agent Identification forum, you'll find an ongoing thread dedicated to Server Farms which is a sort of a catchall term for these types of operations. Here's the forum link.
So, the bottom line is, if you really want to stop this, you're gonna have to educate yourself about this kind of threat. These types of facilities aren't Internet Service Providers (which send real people to your website). They are homes for websites and programs (like spiders and robots and crawlers, oh my) which, at best, have no real bearing on the operations of your website, or, on the darker side, are capable of causing your Adsense account to go into spasms, scraping your content, burning your bandwidth and other server resources and generally messing up your day.
It's a big subject but one thing I've found already is that if you can start by blocking countries that don't fit into your business plan, you'll eliminate large numbers of these Server Farms without ever having to identify them individually. And that's just the tip of the iceberg but it's as good a place as any to good start.
| 8:17 am on Apr 11, 2014 (gmt 0)|
Hi I'm new to this forum. First of all I'd like to thank all the people who've been sharing their expertise, helping everybody out through the click bombing in March.
I've been blocking IPs like crazy and my Adsense account improved some but not quite. Now I've discovered that I've been manually targeted too. I think it's manual because it comes mainly from search and follows different patterns.
It's traffic coming from India and Indonesia (which is like a joke for my website). They use Opera Mini as a browser with Opera Software ASA as their service provider and it's been going on since the beginning of the year.
Just ckeck if you are getting any suspicious activity coming from Opera Mini + Opera Software ASA. This might be a widespread kind of click fraud.
| 8:58 am on Apr 11, 2014 (gmt 0)|
If you block them, they try to access your ads from Google cache. So make sure you block webcache.googleusercontent.com in your Adsense account.
| 12:45 pm on Apr 11, 2014 (gmt 0)|
Or use NOARCHIVE. As far as I'm concerned, there's absolutely no reason for Google to keep a cache of my pages (particularly since they are time sensitive) so I have every page on almost every site noarchived.
| 4:27 pm on Apr 11, 2014 (gmt 0)|
Thanks Netmeg. I'm going to do that. That way they'll get no access whatsoever to my site and they'll have to give up.
It's been a steady 1000 visits/month since January 4. Not a lot, given the volume of traffic that I get but enough to cause a lot of harm. It's like zero visits before that date and all of a sudden there's a regular influx of visitors from those countries.
| 1:12 am on Apr 13, 2014 (gmt 0)|
I banned Opera Software ASA and am not serving ads to mobile. Most of the traffic from India vanished, but now I'm getting lots of weird desktop visits from Nigeria, Ucraine, Thailand... so it seems that it goes on, and on, and on. I'm blocking all those countries in DFP. We'll see if that works.
| 2:23 am on Apr 13, 2014 (gmt 0)|
|Most of the traffic from India vanished, but now I'm getting lots of weird desktop visits from Nigeria, Ucraine, Thailand |
What area of the world are you actually interested in doing business with (e.g. serving ads to)? Is your site even applicable to people in those countries? Blocking countries in DFP (whatever that means, I'm no DFP expert) won't keep people from those countries off your site. You can block a great deal of Africa and South America with a few simple lines in your .htaccess file. Blocking countries in Asia or Europe or North America (if you really wanted to) is a bit more complex but it is possible to trim the world down to a size that's acceptable for your business model. Any kind of blocking strategy should begin by considering the scope of your target audience. Why bother blocking a hosting company in Nigeria for example if you have no interest in traffic from south of the Equator? So, back to my initial question. What part of the world are you interested in marketing to?
| 10:46 am on Apr 13, 2014 (gmt 0)|
Hi webcentric, thanks for replying. My site is educational/cultural. I'm making ad money from Western Europe and the Americas and that's where most of my traffic comes from. But then I've got a small but very engaged readership in other countries. It's no problem to block ads there because I'm not getting any money from them anyway but it'd be wrong to ban access to my contents since it's still important that, say, a Russian professor is able to point her students to my site for reference.
Things were working out quite well until recently. People were getting free contents, I was getting ad money (and building authority) and everyone was happy. But now this whole click-fraud thing is draining so much time and attention from my aim, which is writing, that I'm considering giving up Adsense entirely and looking for other ways of monetization.
| 1:27 pm on Apr 13, 2014 (gmt 0)|
Can't hurt to do that anyway.
| 2:46 pm on Apr 13, 2014 (gmt 0)|
Thanks netmeg. I've been reading what you said about building your own mailing list and I've started already. My SERPS used to be very good but since this Adsense crisis began they've become less reliable. I wonder if both things are related.
| 11:40 pm on Apr 13, 2014 (gmt 0)|
I got 99 problems but SERPs ain't one.
| 4:40 pm on Apr 15, 2014 (gmt 0)|
Got to say I appreciate everyone's posts on here. Your experience is my education.
Do have one amateur question for sise, How were you able to block/Ban Opera Software ASA? thanks
| 6:51 pm on Apr 15, 2014 (gmt 0)|
Also seeing this happening to my Adsense - it is most noticeable early in the reporting day for Adsense and then tends to even itself out.
I've seen it for much of this year - didn't notice it on Adsense prior to that, but have noticed wierd results on Analytics experiments - I tend to segment into Mobile, Desktop and Tablet and the unusual behaviour seemed to show in the tablet segment (where numbers are small), with tablet results for an experiment often being the opposite of those for desktop and mobile.
| 9:50 pm on Apr 15, 2014 (gmt 0)|
I'm banning IPs in IPtables since this should be faster than .htacces. You just need to ssh into your server and copy/paste the following:
sudo iptables -A INPUT -s XXX.XX.XXX.XX -j DROP
Substitute an IP or CIDR for XX.
Are you guys seeing these manual clickers from exotic countries?
| 2:19 pm on Apr 16, 2014 (gmt 0)|
I was kinda hoping you had the CIDR range and could share. Searched for it here and was unable to. I have over 60 individual hits each day with 100% Bounce rate and shows it has not spend anytime at all. Most are from Mobile carriers. Its the ones like Opera Software ASA that visit more than once with 100% bounce rate that annoys me.
I see revenue and clicks disappearing everyday more than once a day... hoping to figure some of this out.
| 2:37 pm on Apr 16, 2014 (gmt 0)|
|I was kinda hoping you had the CIDR range |
Take the IP address from one of these hits and put it into ARIN's Whois search field and click enter. ARIN may tell you to see another RIR but it's a start anyway. Repeat for other hits from other IP's not in the range returned by the Whois query. If you stumble across a server farm while doing this, do a search for that server farm (e.g. colo facility, cloud host, etc.) here on WebmasterWorld and you'll probably find a discussion on that server farm complete with ranges. That process can help you find a lot of the information you seek.
| 3:26 pm on Apr 16, 2014 (gmt 0)|
A CIDR range for Opera? Am I misunderstanding? Opera is a browser identifier and CIDR refers to IP numbers.
| 7:36 pm on Apr 16, 2014 (gmt 0)|
I took the question to be based on invalid click activity which points to bots. That led me to my current reaction which is to see where this is coming from. So, I'd look for common IP addresses or blocks associated with this user agent if the user agent seems suspiciously active. The user agent may be raising red flags because of it's frequency in the logs or whatever but it's where the visit hails from that really cuts to the chase more often than not.
| 8:28 pm on Apr 16, 2014 (gmt 0)|
@jaxer: you just need to google for it and you'll get the most updated version. It's really best for you to look up yours since they can be different from mine.
| 8:35 pm on Apr 16, 2014 (gmt 0)|
@netmeg: the thing is Opera Mini browser uses Opera servers as a proxy. They fetch a webpage for you and serve an optimized version of it. Adsense was initially reluctant to serve ads to Opera Mini because that kind of thing raised fraud concerns. You can ban it because no one uses that browser these days.
This is different from bots. It looks like humans accessing webpages through search or direct traffic from countries like India, Indonesia and Nigeria. They probably game Adsense into believing the ads are served to high-paying countries. Otherwise it'd make no sense to have people clicking on ads in countries were there's no advertising revenue.
| 1:19 am on Apr 17, 2014 (gmt 0)|
Appreciate the help. Thank You for all the responses.
I have been looking in my Google analytics and find the names like "a100 row servicos de dados brasil ltda" has come to my site 13 times, spent no time and shows a 100% bounce rate.(does not show IP) I searched Here and came up empty, a quick Bing search shows:
So I grabbed an IP (from the list), put it into ARIN(like webcentric said to do) and it spits out:
So I add this to my ever Growing DENY List.
I am hoping I am doing this right, is there anything I am missing. Thanks again for all the replies.
|wa desert rat|
| 4:31 pm on Apr 17, 2014 (gmt 0)|
Denying 220.127.116.11/8 will block every user from Brasil Telecom to your website. Your potential abuser was from the Brazil Amazon AWS system and those can be blocked separately by entering this CIDR instead: 177.71.128/17
Unless, of course, you don't want anyone who subscribes to the Internet using Brasil Telecom (most of Brazil) looking at your website. I have had systems where I blocked all of Russia, all of China, all of Korea, etc. It depends upon what you want.
The IP address you posted should be restated 18.104.22.168 and then entered into the ARIN whois search window (or just type "whois 22.214.171.124" into the command line of a Linux computer) to return the listing for Amazon AWS in Brazil.
There is an abuse email address for that subnet also. By rights you should email them and let them know what you're doing and why. Maybe they'll fix it. Although I have sent hundreds of emails to abuse addresses and have never once had them even acknowledge it let alone tell me they've fixed it.
| 7:10 pm on Apr 17, 2014 (gmt 0)|
@Jaxter When you ran your query in ARIN, you might have noticed that the returned record says "Allocated to LACNIC." With that information, you can jump over to the LACNIC whois search page and re-run the query there. ARIN told you where the records for the entire /8 block are maintained in this case. If you want to get more granular, you need to consult the registry that maintains the records. Having said that, I block everything from 177/8 but you may or may not want to do that.
Here is the IANA IPv4 Address Space Registry report [iana.org] which tells you which registries maintain which /8 blocks. Below are links to each of the 5 registry Whois pages.
For some reason bbcode doesn't like the https in the following URL
RIPE NCC -- https://apps.db.ripe.net/search/query.html
| 12:29 am on Apr 18, 2014 (gmt 0)|
Just a tip for OSX users - the Network Utilities App included with the OS offers you a desktop Whois for ARIN, RIPE and APNIC. It has been so handy when finding out who is where and what to block.
| This 262 message thread spans 9 pages: < < 262 ( 1 2 3 4 5 6 7  9 ) > > |