homepage Welcome to WebmasterWorld Guest from 54.198.42.105
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Yahoo / Yahoo Search Marketing Pay Per Click Advertising
Forum Library, Charter, Moderators: werty

Yahoo Search Marketing Pay Per Click Advertising Forum

    
Identifying Click Fraud
Frank_Rizzo




msg:3353976
 10:50 pm on May 30, 2007 (gmt 0)

I run a low budget campaign (£100 / $200) pm. I'm pretty sure most of the clicks I get (one to two dozen or so a day) are frauds but how can I be sure?

I look at the access logfile and I see a click come but the user doesn't visit many other pages. That's fair enough - they came, they didn't like what they saw, and went.

But then a few minutes later they are back with the same click, maybe read one page and go. A few minutes later....

Here's an example:

123.234.345.456 - - [30/May/2007:21:19:40 +0100] "GET /widget_blue_food.php?type=feed&OVRAW=widget%20blue%20food&OVKEY=widget%20blue%20system&OVMTC=standard HTTP/1.1" 200 16456 "http://uk.search.yahoo.com/search?p=widget+blue+food&ei=UTF-8&fr=yfp-t-501&x=wrt&meta=vc%3D" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" 0 widgets.co.uk "-" "-"
123.234.345.456 - - [30/May/2007:21:19:41 +0100] "GET /favicon.ico HTTP/1.1" 200 894 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" 0 widgets.co.uk "-" "-"
123.234.345.456 - - [30/May/2007:21:19:42 +0100] "GET /favicon.ico HTTP/1.1" 304 - "-" "Mozilla/5.0 (compatible; Google Desktop)" 0 widgets.co.uk "-" "-"
123.234.345.456 - - [30/May/2007:21:19:44 +0100] "GET /todays_news.php HTTP/1.1" 200 25660 "http://www.widgets.co.uk/widget_blue_food.php?type=feed&OVRAW=widget%20blue%20food&OVKEY=widget%20blue%20system&OVMTC=standard" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" 0 widgets.co.uk "-" "-"
123.234.345.456 - - [30/May/2007:21:19:49 +0100] "GET /widget_blue_food.php?type=feed&OVRAW=widget%20blue%20food&OVKEY=widget%20blue%20system&OVMTC=standard HTTP/1.1" 200 16456 "http://uk.search.yahoo.com/search?p=widget+blue+food&ei=UTF-8&fr=yfp-t-501&x=wrt&meta=vc%3D" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" 0 widgets.co.uk "-" "-"
123.234.345.456 - - [30/May/2007:21:19:52 +0100] "GET /todays_news.php HTTP/1.1" 200 25660 "http://www.widgets.co.uk/widget_blue_food.php?type=feed&OVRAW=widget%20blue%20food&OVKEY=widget%20blue%20system&OVMTC=standard" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" 0 widgets.co.uk "-" "-"
123.234.345.456 - - [30/May/2007:21:19:56 +0100] "GET /todays_news.php?course_list=ALL&ratings_show=TOP&ratings_expired=include&ratings_sort=RTN&ratings_sort_races=CRS HTTP/1.1" 200 25660 "http://www.widgets.co.uk/todays_news.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" 0 widgets.co.uk "-" "-"
123.234.345.456 - - [30/May/2007:21:20:18 +0100] "GET /signup/widgets_subscription.php HTTP/1.1" 200 25188 "http://www.widgets.co.uk/todays_news.php?course_list=ALL&ratings_show=TOP&ratings_expired=include&ratings_sort=RTN&ratings_sort_races=CRS" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" 0 widgets.co.uk "-" "-"
123.234.345.456 - - [30/May/2007:21:20:21 +0100] "GET /todays_news.php?course_list=ALL&ratings_show=TOP&ratings_expired=include&ratings_sort=RTN&ratings_sort_races=CRS HTTP/1.1" 200 25660 "http://www.widgets.co.uk/todays_news.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" 0 widgets.co.uk "-" "-"
123.234.345.456 - - [30/May/2007:21:20:23 +0100] "GET /todays_news.php HTTP/1.1" 200 25660 "http://www.widgets.co.uk/widget_blue_food.php?type=feed&OVRAW=widget%20blue%20food&OVKEY=widget%20blue%20system&OVMTC=standard" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" 0 widgets.co.uk "-" "-"
123.234.345.456 - - [30/May/2007:21:20:25 +0100] "GET /widget_blue_food.php?type=feed&OVRAW=widget%20blue%20food&OVKEY=widget%20blue%20system&OVMTC=standard HTTP/1.1" 200 16456 "http://uk.search.yahoo.com/search?p=widget+blue+food&ei=UTF-8&fr=yfp-t-501&x=wrt&meta=vc%3D" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" 0 widgets.co.uk "-" "-"

To me it looks like this:

21:19:40 User lands on widget_blue_food page via clicked ad
21:19:41 Favicon retrieved by IE7 Browser
21:19:41 Favicon retrieved by Google Desktop
21:19:44 User navigates to todays_news page
21:19:49 User lands on widget_blue_food page via clicked ad
21:19:52 User navigates to todays_news page
21:19:56 User modifies options and reloads todays_news page
21:20:18 User visits shop page
21:20:21 User returns to todays_news page
21:20:23 User lands on todays_news page from widget_blue_food page
21:20:25 User lands on widget_blue_food page via clicked ad

If this is genuine then fair enough. But have I been charged three times for the click thru's at

21:19:40
21:19:49
21:20:25

 

aeiouy




msg:3354084
 2:08 am on May 31, 2007 (gmt 0)

Probably not going to be able to determine if 3 clicks were involved in fraud or not.

Probably going to need a more serious offender to determine and present an issue.

Frank_Rizzo




msg:3354405
 10:47 am on May 31, 2007 (gmt 0)

Does that mean it's tough cheese? They won't do anything about it?

Is there a definitive way to determine click fraud? YSM say they have safeguards in place but how can you test that?

The cost doesn't bother me. The fact that a competitor of mine, a punk kid, or multi million dollar ad baron is profiting from this does :-)

Frank_Rizzo




msg:3354419
 11:03 am on May 31, 2007 (gmt 0)

Here's another suspicious one:

123.456.123.456 - - [05/May/2007:23:19:03 +0100] "GET /widgetfood/index.php?cmd=category&id=9&OVRAW=breeding&OVKEY=breeding&OVMTC=content HTTP/1.1" 200 12204 "http://www.dodgywebsite.co.uk/?tracking=QHGLTCIQ" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10" 0 widgets.co.uk "-" "-"
123.456.123.456 - - [05/May/2007:23:19:05 +0100] "GET /favicon.ico HTTP/1.1" 200 894 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10" 0 widgets.co.uk "-" "-"
123.456.123.456 - - [05/May/2007:23:19:05 +0100] "GET /favicon.ico HTTP/1.1" 200 894 "-" "Mozilla/5.0 (compatible; Google Desktop)" 0 widgets.co.uk "-" "-"
123.456.123.456 - - [05/May/2007:23:20:03 +0100] "GET /widgetfood/index.php?cmd=category&id=9&OVRAW=breeding&OVKEY=breeding&OVMTC=content HTTP/1.1" 200 12204 "http://www.dodgywebsite.co.uk/?tracking=QHGLTCIQ" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10" 0 widgets.co.uk "-" "-"
123.456.123.456 - - [05/May/2007:23:20:26 +0100] "GET /widgetfood/index.php?cmd=category&id=39 HTTP/1.1" 200 11999 "http://www.widgets.co.uk/widgetfood/index.php?cmd=category&id=9&OVRAW=breeding&OVKEY=breeding&OVMTC=content" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10" 0 widgets.co.uk "-" "-"
123.456.123.456 - - [05/May/2007:23:20:26 +0100] "GET /widgetfood/index.php?cmd=category&id=39 HTTP/1.1" 200 11999 "http://www.widgets.co.uk/widgetfood/index.php?cmd=category&id=9&OVRAW=breeding&OVKEY=breeding&OVMTC=content" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10" 0 widgets.co.uk "-" "-"
123.456.123.456 - - [05/May/2007:23:20:31 +0100] "GET /widgetfood/index.php?cmd=category&id=9&OVRAW=breeding&OVKEY=breeding&OVMTC=content HTTP/1.1" 200 12204 "http://www.dodgywebsite.co.uk/?tracking=QHGLTCIQ" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10" 0 widgets.co.uk "-" "-"

Once again look at the walkthrough for IP 123.456.123.456. This is the access_log file so it shows everything that this IP did on the site.

23:19:03 User lands on index.php page via clicked ad.
23:19:05 Favicon retrieved by IE7 Browser
23:19:05 Favicon retrieved by Google Desktop
etc.

StupidScript




msg:3358401
 8:50 pm on Jun 4, 2007 (gmt 0)

Does that mean it's tough cheese? They won't do anything about it?

That is correct. In the instances you have posted, there is not enough to define those visitors as fraudsters, and even if they were, you can bet Yahoo would claim that although they did indeed fraudulently click on your ads for some reason, their system did not charge you for more than one click.

It's literally impossible to tell which clicks Yahoo has ideintified as fraud and which haven't without having access to their logs. You could find a thousand fraudulent clicks, but when you submit your log files to Yahoo (or Google, for that matter) for resolution, you will definitely get that response that they have already accounted for those clicks, and they never showed up on your bill.

Your logs + Their logs + Your bill (detailed, with the IPs of anyone they charged you for) is the only combination of data that would begin to come close to allowing you to figure out which clicks were charged and which were not. And that holy triumvirate ain't never gonna happen.

Frank_Rizzo




msg:3358492
 10:52 pm on Jun 4, 2007 (gmt 0)

I think I'll just drop this totally - too much time wasted on my behalf for something that may or may not break even on my $200 per month.

I'm really disappointed with the response from YSM. The first thing to note is that you can not reply to the (non)automated email they send you.

I fill in a feedback form, a person replies. But you have to go and fill in a new feedback form with reference to the first.

In the first reply they say they want to see my log files. I reply, no problem, where do I send the 170Mb+ file to? Then they say log file not necessary, just indicate to them the IP and time I want checking.

The problem is I want all of them checked. Apart from the examples listed earlier in this thread I can't identify 100% within seconds which clicks are suspicious. So I need to go through all of them one by one and try and put a flag on the dodgy ones.

Something else I found: 10% of all clicks are refered from a MFA site. No way are those genuine click thru's. I guess I could throw that at YSM.

As I say, it just doesn't seem worth the hassle and I may as well give up on this. I know that the campaign is not converting well, and that the time taken to recover some of the fraudulent clicks would be less than what I value my hourly rate doing something else.

[edited by: Frank_Rizzo at 10:53 pm (utc) on June 4, 2007]

aeiouy




msg:3359551
 12:00 am on Jun 6, 2007 (gmt 0)

Actually yahoo will work with you on fraud clicks.

I had a friend who just got a favorable adjustment after an investigation. But again it was for 1000s of clicks, not for a few.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Yahoo / Yahoo Search Marketing Pay Per Click Advertising
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved