incrediBILL - 7:16 pm on Jul 7, 2006 (gmt 0)

fraud doesn't disproportionately come from low traffic sites, quite the opposite is true

I concur as the low traffic sites with maybe a few hundred visitors a day should be easier to spot fraud as they would statistically skew the norm and set off a flag to be scrutinized carefully.

It would most certainly be easier to slip in some click fraud on a site with 10,000+ visitors a day as long as you didn't get greedy, to bolster your bottom line as reviewing 1,000 IPs/day that clicked, assuming a 10% click rate, would be a daunting task opposed to 100 clicks or less on a low volume site.

I don't think the issue is one idiot sitting at his desk clicking away as that's too easy to track as the same IP clicking over and over and over would/should set off an alarm.

How would the clicker get around this?

Open proxy server to the rescue.

Google could, assuming they aren't already, block proxies like I do on my website. This would block clicks from open proxy servers or CGI proxies and/or just discard those clicks if you didn't want to expose you were blocking them. Those proxy servers are what your competitors might use to keep hidden, a malicious clicker trying to boot you from AdSense, or a clickbot running from a desktop or server could use to remain anonymous, and there are a LOT of open proxies out there.

Imagine someone had a script (and they probably do) just to issue a random click per IP over maybe 100 different proxy servers a day, and your topic had an average of $1/click. That could add up to some serious coin by the end of the month. Therefore, dropping proxies from the loop closes one potential hole but still leaves click rings and trojan click bots, but you have to start somewhere.