Iken;

There have been a few publishers that post here that have been reinstated for various reasons.

It seems like it is best to contact Google with a clearly word, non-emotional, business-like approach.

Offer to provide any data they may wish to see, like log files, etc.

Good luck.

I think this post illustrates the need for webmasters to be very proactive regarding AdSense. For example, when you see a DDoS attack, IMHO you should immediately remove AdSense from your site and notify Google. After an appropriate amount of time has elapsed, you can put AdSense back. In our case, we waited two weeks. Better to miss a couple of weeks of income than to have your account suspended.

I don't see why google would ban anyone for a DDOS attack.

A denial of service would mean no ads were being displayed nor clicked.

Sounds like Google wouldn't even know about it. So it is highly unlikely that is why you got banned.

What most likely happened is "someone" at a place where you manage your site, be it work, home, school, internet cafe, clicked on your ads.

Less likely scenarios involve other people trying to sabotage you, although I have never seen any evidence to support this has actually happened.

If you think someone attacked you and clicked on your ads then let google know, let them know about the DDOS attack and provide them with all the relevant information from your hosting provider documenting that such a thing actually took place.

Google has no reason, or really know way of just banning people because they suffered a DDoS attack.

Here is a thread you might find interesting.

Adsense Account Reinstated [webmasterworld.com]

My sites have suffered through click fraud attacks and I've not been kicked out of Google because of it. Why? Because I was proactive. As soon as I noticed anything fishy (in my case, an abnormally high CTR -- but the definition of "abnormally high" will vary from site to site) I went combing through my access logs to see what was happening, and then I sent an email to Google asking them to investigate on their end. I also turned off the ads on the offending pages while the attacks were happening. Working with them is the best way to avoid problems.

One of the sites that I link to also ran into click fraud problems, but they weren't proactive and got suspended from AdSense because of it. However, they were lucky because the click fraud only occurred after they were linked to from my site and on further investigation Google reinstated them. But I bet they could have avoided the suspension in the first place if they had reported the unusual activity.

Eric

You can get your account back :¦
---- Simply reply to the e mail you got from G and tell them the actualy things hapening to you.
They do reply and investigate the matter if you are true, you will get back your account, thats not a problem.....

Hi Iken,

I haven't had a DDoS attack (yet), but I have over the last couple of days had a significantly-elevated (6x) level of accesses from compromised (eg virus-infected) and other "bad" machines.

As soon as I noticed I emailed G and asked them if they wanted me to remove ads or zero out my revenue for the few days.

They said there was no problem and all clicks were valid.

I think proactive does help.

Rgds

Damon

[edited by: tedster at 11:30 pm (utc) on Aug. 24, 2005]
[edit reason] thread clean-up [/edit]

My apologies to Iken, who saw his thread hijacked into a very unrelated discussion. I've removed the off-topic comments.

I know of people who've been re-instated after problems with apparent click-fraud. I can also see how a DDoS attack would be something that would be problematic for AdSense to deal with if it was triggering massive but spurious clicks.

I agree with the advice above -- be proactive.

I know of people who've been re-instated after problems with apparent click-fraud. I can also see how a DDoS attack would be something that would be problematic for AdSense to deal with if it was triggering massive but spurious clicks.

Could you explain how a DDoS attack would create spurious clicks?

Could you explain how a DDoS attack would create spurious clicks?

I'm just guessing, but it might be more related to inflated impressions than to clicks.

Not sure why you didn't just stop the source of the DDoS as you could easily block the IPs.

The only way I could see DDoS against your site impacting AdSense is if they were rapidly requesting pages just to execute the AdSense javascript to get a new batch of ads to click attack.

Technically, if would be far easier just to take your AdSense code from your HTML and paste it into a web site on a free server in some other country and then click attack your account via pages on that free server, without you seeing any traffic spikes whatsoever. You would just get a rush of ad impressions and clicks for no obvious reason.

I've mentioned this AdSense weakness to Google a couple of times already and it has a simple solution. Google just needs to let PUBLISHERS specify the valid list of domains where their AdSense code is installed. This would stop the vulnerability of 3rd parties playing with your AdSense account, and Google could simply filter out clicks from all unauthorized domains.

However, I've never heard back from them about doing anything to resolve this to date.

I'm just guessing, but it might be more related to inflated impressions than to clicks.

Interesting observation.

Now that AdSense has site-targeted CPM ads, impression spikes may trigger more alarms than they did in the past.

Whoever ran the DDOS was malicious, and might have decided to click all your ads repeatedly too or something just to try and cause you even more grief.

>> DDOS was malicious

why do you say that?

Now that AdSense has site-targeted CPM ads, impression spikes may trigger more alarms than they did in the past

The impressions are only spiked if the ad is actually displayed.

Most DDoS attacks on web pages just keep sending requests to download the HTML and then the connection is broken so the web server is sitting there attempting to download a boatload of HMTL pages. The purpose, especially with CGI or PHP is usually an attempt to overload and crash the server.

These never actually result in downloading images files or in this case javascript being executed unless the DDoS is something I've never seen before and I've seen a lot of them.

Thanks for the DDoS info. My point, however, is simply that impressions (not just clicks) may also get a closer look by Google now that they're actually worth something when the publisher has site-targeted CPM ads.

Hi, sorry for the late reply but I was just to busy to reply.
I see it started a long discussion wich was cleaned after a while. :)

I can say now it is a total attack and many different techniques are used. At the moment only port 80 is bombarded with http requests but I guess adsense has been targetted as wel. I allready mailed Google but I used the adress wich belongs to the site so a reply won't come through at all so I will sent them a new mail explaining things from another email addres. They also used mailbombs so...

It's in the news allready and I can proof that a stupid third party is responsible for it so I think Google will reinstate me later on. Well, let's hope do.

Some guys say that I must be proactive and I think that this is only partly true. I just can't monitor my site 24 hours a day 7 days a week for suspicious activity but a little bit proactive everybody can offcourse.

"Not sure why you didn't just stop the source of the DDoS as you could easily block the IPs."
@incredibill, have you ever experienced a massive +900Mbit DDoS attack? Guess not from the answer you gave. it's not all about blocking many IP's but what to do with the data that's hammering at your gate?

Google just needs to let PUBLISHERS specify the valid list of domains where their AdSense code is installed. This would stop the vulnerability of 3rd parties playing with your AdSense account, and Google could simply filter out clicks from all unauthorized domains.

Unfortunately, that's not possible. The "clicks" come from your visitor's computers, not your server.

-- Roger

Unfortunately, that's not possible. The "clicks" come from your visitor's computers, not your server.

OK, think this thru...

The ads are served from a DOMAIN, if the DOMAIN isn't in the theoretical allowed 'domain whitelist' for your AdSense account to serve then they don't have to display any ads.

Even if Google displayed the ads regardless and filtered clicks after the fact, Google DOES know what domain the click is originating from via referrer or something embedded in their ad ID code otherwise URL CHANNELS wouldn't work.

Bill you can spoof referer very easily

Bill you can spoof referer very easily

Ah, it's early, the caffeine hadn't quite soaked in yet.

I see the problem now - oh well, back to the drawing board.

Hi all,

It's been a while but here is an update.

I can say Google stinks in this appartment. All they say is there were fraudulent clicks and that's it. I never clicked on any google banner on my site but in the mean time they don't deliver any proof and actually say that I'm a fraud. I can't use AdSense anymore because I'm tagged a fraud, a criminal or you name it. All I ask is for some proof or something so I can see what and where things went wrong so I can do anything about it in the future but they say nothing more but the standard stuff.

"Publishers whose accounts have been
disabled for invalid clicks are not allowed further participation in the
AdSense program.

We review all publishers according to our Terms and Conditions and program
policies, and we reserve the right to decline certain applications."

And here a request for a site that is huge and very popular in this world. Many sites like this exist (smaller and different languages) but for me it is a no go.
"After reviewing your
application, our specialists have found that it does not meet our
program criteria. Therefore, we are unable to accept you into our
program."

And so on and so on. The standard reply after the other. Evrybody wants to be on this site but google just denies it. I must say the banned account is about a forum and maybe people click on the same advert over the weeks months so maybe they think this is fraud...

I was with google from the first week they opened the search engine and praised it to all my friends and family but now years laters they turn out to be something really else. :(

Is there really nothing I can do? People who say I'm a fraud should come up with proof to back this up. This monopolist behaviour is going to far.

Hi Iken,

Thanks for the update.

Can you SM me your URL?

I can see why G might not want to be associated with a site that might regularly be attacked, since if nothing else it may load their systems directly or indirectly, but if you did nothing to incite the attack you should have a case.

Have you tried speaking (calmly) to a supervisor on the phone recently?

Rgds

Damon

If your site is "huge and very popular" then you have other options, which might even be more lucrative.

Don't take it personally. They haven't accused you of fraud or of being a criminal. They've just found what they call "fraudulent clicks" on the ads on your site. If you reread the agreement, you'll see that they don't have to provide any more information to you than that, let alone actual "proof."

So if they won't reverse the decision, move on and find another source of income.

People who say I'm a fraud should come up with proof to back this up.

You are taking this personally. I bet you can’t find that Google has called you a fraud in any of their communications. All they have told you is that your site has generated invalid clicks and therefore your account has been disabled. It really doesn’t matter who generated the invalid clicks, the issue is that, in Google’s opinion, they have occurred.

Hi,

Bingo!

G *really isn't* out to get any of us (except possibly CNN, for using www.google.com, apparently!), they really have better things to do with their time and money than persecute us. Don't take it personally indeed!

(At least I hope not since my click-throughs just spiked today, G have mercy on my account! B^>)

Rgds

Damon

Iken: That sucks. That's all I have to say.