Forum Moderators: martinibuster
One thing is in our favor- AdSense requires JavaScript to function. So it is conceivable that JavaScript can be used as a tool to defeat AdSense click fraud. This could be a powerful weapon in fighting the problem. There are also server side solutions to the problem as well.
Some immediate suggestions come to mind:
Any successful solution must be implemented in accordance with the AdSense Terms of Service.
Your thoughts, tips, observations, and suggestions to the discussion are welcome.
It seems the problem is with identifying what a 'valid' click is. Within the greater scheme of advertising, pay per click is somewhere between pay per sale, and pay per pageview. A click is supposed to be an 'expression of interest' in the product, where as a page view has very little correlation to interest in the products advertised. and a sale is absolute.
So if a click is an EOI then how do we judge whether it is in fact interest, or an 'invalid' click or an click attack of some kind. I would assume that a lot of clicks are done by users who have very little interest in actually purchasing a product. It may be research, 'shopping around', general interst, or misunderstanding about what they are actually doing.
I'm just spit-balling here, but does a move towards a solution involve a consideration of what a valid click is, and the place for pay per click advertising within the greater picture of internet advertising.
Here's my final plan of action after two months of extensive research into my visitors click behavior and the log data accumulated during that period. By the way, I track all HTTP_Headers the browser sends:
1. First line of security. Bot detection and traps, some of which are rather sophisticated and the details of some of these techniques I will not go into on a public forum.
2. AdSense ads targeted to English language browsers.
3. AdSense ads targeted to cookie enabled browsers.
4. Clicks counted- 10 clicks disables AdSense ads for that user session.
5. Multiple clicks per second disables AdSense ads for that user.
6. Global shutdown of AdSense ads when click-thrus exceed a predefined limit. E-mail alert sent before the limit is exceeded to allow for a review and possible extension to the limit.
7. Alternative advertising served in place of AdSense when applicable.
8. AdSense disabled for site administrators to prevent accidental clicks.
Later, I plan to limit impressions to 50 page views per user session. By the way, with the exception of bot traps, nobody has exceeded any of the limits listed above and had AdSense impressions disabled during their visit. The non-English browsers account for roughly 1/10 of 1% of my visitors so I'm not losing revenue there. But, the protection is in place should the need arise.
I have a relatively high click-thru rate on my main site and haven't seen any reductions in my stats (10,000+ clicks per month). In fact, CTR and ECPM has gone up. This is not unexpected because advertising works best when it's targeted. Another added benefit is that bots and scrapers don't see the ad code.
Another point I should bring up is the narrow view and assumption that most click fraud is perpetrated by a single individual on a static ip. This type of activity is obviously easy to filter out. Most of the real fraud is harder to detect because the clicks are spaced out to avoid being detected for suspicious behavior. Imagine a click bot that snatches multiple pages in a second and fetches the Ad block from Google in a timed fashion, ultimately resulting in a small number of clicks spaced out over an extended period of time. I can see and control this behavior- Google can't. This is because I have the advantage of being able to compare server logs to click logs. There are other examples that can show how much easier it is to detect click fraud on a server level that would be difficult for Google to detect but I won't go into those here.
You also seem to know exactly what a good click and a bad click are. I have to admit I really don't know where the line is/should be drawn. I would have thought before that if I am not doing anything to produce clicks on my own ads then there was no click fraud. But clearly I was wrong, and many like me. So invalid clicks can also be part of 'normal' user behaviour. People reporting adsense error messages when clicking on a lot of ads doing research for example. (I say normal, because user behaviour patterns are so very wide and diverse.) This is in part what your system aims to cut down on (4,5,6).
So in relation to your last point, are you trying to stop intellegent click fraud attempts on your own sites? Who would be motivated to implement this but you? I don't follow. I understand the threat of malicious click attacks by individuals or bots, but I don't follow what you are saying about stopping the real click fraud attempts through webmaster opt-in systems.
So then should a requirement of participation in Adsense be to give Google full access to server logs so they can compare and decide what is and is not a valid click? I would trust them to make this decision, but I would not be so comfortable with handing over the access.
re #4: Note that some users double-click Internet links. They may also multiple-click if the new page doesn't come up quickly enough. I'm certain Google knows this and can easily filter these out. This could tend to max out ad views for a few percent of visitors.
There are click bots that target competitor ads listed on sites in certain industries. This is old news and has been happening for years with various ad delivery services- not just AdSense.
Surely you are aware of referrer spam. Hits from revolving IPs delivering a seemingly infinite number of changing referrers. Take a moment to consider the effect something like that would have if it were used to target a program like AdSense. One click per IP. You are the first line of defense. Are you willing to make an effort to control it or are you going to make Google do the work for you?
Better prepare now. Always best to be one step ahead of the #*$!s.
Most sites would see a significant reduction in earnings if they eliminated ad serving to anyone not using English as their default.
I disagree, assuming the site is English language. You said default. I said an English capable browser. If "en" is listed anywhere in the browser's HTTP_ACCEPT_LANGUAGE header they will be served AdSense ads.
Later, I plan to limit impressions to 50 page views per user session
I have log file evidence with 220 pages in one session.
The 8 step plan I'm using has been tailored for my visitor's behavior. If you want to allow 200 ad clicks or 1000 ad impressions per user session- go for it. :)
