re: what protection could you put in place ..

I've coded a small script for my server (in Coldfusion) that will stop showing Adsense to an IP that clicked more than x times withing 1 day.

For sure this can be also made in any other server sided language.

[edited by: Noel at 12:35 pm (utc) on Nov. 25, 2005]

what about proxies?

DaveN

Would you like to share the script? Im interested on how you did it without actually modifying the Google ad code.

what about proxies

Yes this is a problem.

Would you like to share the script? Im interested on how you did it without actually modifying the Google ad code.

All the script does is it logs the clicks on the ad, and the IP of the person clicking.

Next time the person makes a visit to my site, it will look in the DB, and if the IP is in it and the timestamp is less than 24 hrs it will not show the ads.

This got nothing to do with modifying the google code.

what got me thinking was that GM extension for FF that popped all the adsense ads into new tabs ..

DaveN

Noel, be careful with this script. Once people realize that they have to click an ad to make all the ads on your pages disappear they could be clicking every time they revisit the site. This could cause more click fraud than prevent, even without the intention of the users to harm you.

Just a thought.

jurii .. you think that repeat clicks from the same ip 4 -5 a day everyday would trigger a ban?

DaveN

what about throwing blog spam traffic at a adsense account would that ban them or excessive popunders to a site that runs adsense

DaveN I don't know if this would cause a ban. But surely these clicks count as fraudulent ones.

Maybe the best tip as always is: ask Google if it's okay.

Maybe the best tip as always is: ask Google if it's okay.

like hey Google i found a site that is pop undering my ad's, sending me blog spam traffic.. and i thinkj they are clicking on the ad's from these 10,000 proxies .. is that ok?

love DaveN #*$!

no, more like 'is it okay to use this script ...'

you mean Noels script?

>>same ip 4 -5 a day everyday would trigger a ban
when I was using a adsense tracker I would see clicks logged and then they got removed as the day went by, when checking the stats it would show clicks coming in from the same IP number and viewing a few different pages so I think its fair to say that google have software in place to detect "most" fraudulent clicks.

not quite the scale of 10,000 proxies i must add ;)

proxies would be a problem unless google have a list of known proxies what they track for clicks and these IP numbers are automatically removed from your adsense account, may be? or may be not that simple to track.

popunders are allowed provided that they do not exceed a combined total of 5 per user session

Im interested on how you did it without actually modifying the Google ad code.

One way to do it without modifying Google ad code is to put the ad into a separate file, like 'path/includeads001.php'.
In the main page 'index.php', simply include that file:
<?php
if ($show_ads) {
include('path/includeads001.php');
}
else {
do_something_else;
}
?>

You could have multiple include files with different colour shemes or text_image combinations and select them as you like.

Have fun and regards,
R.

Allways horrible when DaveN has been struck by an idea...

Now. Are you planning to do this to yourself or to do somebody else in?

Actually, I think Google would act pretty fast if a site suddenly got that kind of traffic. Me on my side would turn the ads off as soon as I could.

I had to build a clickbot protection system for a guy. just making sure i covered all the bases...

DaveN

The rheoricial question is...

are google unable to detect clickbots?

Flipside to adsense, if they cant see moody clicks on the content network, does that mean they cant see who is raping me of my adwords budget?

clickbot protection system : it scared me what i saw LOL .. adwords thats a different ball game ...

DaveN

It is like a bank, they will never admit that they have a security problem, as no one will have confidence in them.

Which could kill them.

I think the same goes on with G / Ov etc

One way to do it without modifying Google ad code is to put the ad into a separate file

Romeo, I believe that thy method would work very well to turn on or off the advertisement.

Unfortunately it would not log the IP address of who is clicking on the advertisement.

Unless thee have some sort of a client side code, I cannot see how thee can track the IP without modifying the ad code from Google.

I believe that is what krod refering to in her/his post. S/He would like to see the code that sets your $show_ads.

heheh Tapolyai ... I think he would check IP and do some other stuff before Flagging the show_ads to be true... just a wild guess..

the IP would have to be in bad user database .. you can sniff to see if the adsense script has been clicked or not .. even down to what ad was clicked

DaveN

Tapolyai,

the $show_ads may be set with the following logic - looks clumsy but works:

A JS adsense tracking script on the page does a GET /images/1pixel.gif?parms=$PAGE&ad=$AD or the like, to be logged. One or two free scripts circulated here on WW about a year ago.

A small perl script running in the background scans the httpd log for these GETs by emulating a 'tail -f' and INSERTs the $REMOTE_ADDR and a time stamp into a mySQL database.

In the web page carrying adsense there is a short piece of PHP code doing a SELECT for how many records the database has for a given $REMOTE_ADDR.
If > $X then set the $show_ads to not show the ads.

Finally, another small perl script should be fired from cron every hour deleting old records from the database with timestamps more that 2 hours old.
Eventually, once a day or once a week the script may additionally drop and re-create the table, as I don't know how good the space handling of mySQL is if using a table this way over days and weeks.

Regards,
R

Romeo:

I am sorry I do not understand. (I am comfortable with the programming, and the concept, it's how you deliver it is my issue.)

A JS adsense tracking script on the page does a GET /images/1pixel.gif?parms=$PAGE&ad=$AD or the like, to be logged. One or two free scripts circulated here on WW about a year ago.

The AdSense Javascript is remote, and comes from googlesyndication.com/pagead/show_ads.js.

How do you inject your GET, into Google's script, unless you use some sort of a JS wrap-around script? If that is what you are using, I think that is what krod and I are still love to see.

I'm using this just underneath the Adsense code.
(will only work with IE type browsers)

<script type="text/javascript"><!--

function hit(){
window.focus();
if (window.status){
img = new Image();
img.src = 'logit.cfm?ref=' + escape(document.location) + '&link=' + escape(window.status);
};
};
document.getElementById("google_ads_frame").onfocus = hit;

//--></script>

In my case (Coldfusion) The logit.cfm will write the 'ref' and 'link' and (the IP address of the person calling the logit.cfm file) to a 'log' database.

Above the Adsense code I have some code (Coldusion again) that will read the 'log' database and see if the IP accessing the page is in the database, and if timestamp is okay.

If IP is in the database and timestamp is not okay it will not show the Adsense ads.

If IP is not in the database or if timestamp is okay, it will show the Adsense ads.

Thank you!

Tapolyai,

How do you inject your GET, into Google's script

There is no injecting. Just like in Noel's example, the JS loads a
img.src = 'logit.cfm?ref=....
which results in a GET request at the webserver.

The GETs are logged, and the log gets scanned.

Regards,
R.

This code is intriguing. Can it work for Yahoo as well?

Before Google allowed you to opt out of PSAs, someone passed me some code to detect what the ads were and to not display them if they were PSAs. I was scared it was outside the TOS and didn't use it. But he assured me it was ok.

Has anyone else tried this? Now that I have code to not display Yahoo to international visitors, maybe it's time to dig deeper into what to show. Start logging the urls and ads displayed and rotating between Google and Yahoo depending on what's shown. There isn't enough variety to my ads and it might help both programs to give them a "push"...

Is this technically feasible? And if so, is it against the TOS? (Sounds like it might be, although all it would really do is see what ads would be shown to a user and hide them if not optimal. Not modify the javascript if it does show.)