I think you may start to worry if you received more over 50% clicks in a day or so..... :P

Yeah, I'm going to keep a close eye on it over the next few hours. If it continues I think I'll pull Adsense off the entire site until the issue goes away.

Seems to me you have done the right thing by e-mailing Google and removing Adsense from a few pages. I'd just try and wait it out. Really isn't much else you can other than removing AdSense.

So I took Adsense off that page

Pulling down the ads complete makes the click attacker suspicious

I would replace the AdSense with an Amazon block.

Nobody becomes banned for to many clicks on Amazon.

Great idea, amazon block going in now. thanks

Hi,

Hey, I love the idea of the "Adsense Rapid Response Unit". Presumably these are the guys and gals with the black helicopters and the REALLY BIG hard discs and USB pen drives to suck all the data out of your Web site and sell it of the the highest-bidding conspirator in the military-industrial complex?

Kewl! Send us a pic when they arrive. Be sure to ask them to pass my regards to Mr Cutts! B^>

Rgds

Damon

PS. You might also consider AdBrite as a drop-in AS replacement for abnormally-high click-through rates: it only takes about 10 minutes to set them up, but be sure to put content in an iframe because they can be a bit slow to serve ads sometimes. Mixing AS and AB on a page is allowed, as I have verified a couple of times. Your AB metrics will soar if your CTR goes up!

With Ad Links, early in the morning, I regularly see pages with one visitor and with several clicks, sometimes 6 or 7, resulting in a transient 700% CTR. I think this is normal for Ad Links, and possilbly, if you just have a lot of Adunits on a page (3 skyscrapers = 15 ads). The visitor was just very interested in the Ad Links topic.

So a transient 700% CTR doesn't bother me.

But obviously 70 clicks is ridiculus.

I have recently noticed browsers that properly load pages but then continually GET the core page content over and over again. This could be a sign of malware and the malware is also designed to generate clicks if Adsense is present.

I've mentioned this once before regarding these repeated GETs of the same page, but no one has chimed in. It still is an infrequent occurance in my logs.

If you come in browsing through an ISP like AOL, every request tends to have a different IP address, perhaps this still gets through Google's click filters.

Did this attack use multiple IP addresses?

Another thought is scrapers (crawlers, bots) are proactively looking for certain Adsense Ads and then just clicking on those, perhaps to attack competition.

What ads were showing on this page? Could be a clue!

Oh well it's fun to hypothesize (brainstorm), sometimes it leads to novel solutions to problems.

Looking into the GET requests seems a good idea. I think I'll take a look at the raw logfiles and see if that was how it was being done. I guess that does indicate software or scripts doing things automatically.
CTR on that site reached 1400% this morning before I removed the ads. Ironically enough they were on an article about monetising your website with adverts!

Just an update. Still no reponse from Google, but I was able using a combination of analytics and the logfile to track down where the clicks come from.

The originating search that delivered them to my site was in MSN (organic results) with the term "ADSENSE+ADVERTS".
They came in to the specific page I mentioned earlier and clocked up 30 page views of the same page, then later returned directly to that page and clocked up a further 45 page views.

Taking the search information and looking for it in the logfile I found an IP and was able to look that up to find that not only does it come from an ISP in Worthing, UK but also it seems to be static and applied to a particular business on a particular street in Worthing.

Surely nobody would be stupid enough to start manually generating clicks from their own internet connection that is attached to their business? Must be some form of hijacking going on.

Do you think I should forward the exact line from my logfile to Google as well?

Hi,

Nowt but seaweed and rain in Worthing, let me tell you!

Send whatever you have to Google; they can probably work it out for themselves but you might save them a little time and effort.

Rgds

Damon

I'd certainly send Google everything I could.

Who ever it is may just be an innocent victim, and something infested their PC. But the search terms seem suspicious. Of course even the search could be generated by some kind of virus or malware.

The browser version information from your log entry could be useful to Google.

I've noticed you're new to WW, welcome. I'd like to hear how you make out with your investigation. This could be the tip of the iceberg.

Thanks bumpski - I've been meaning to sign up to WW for ages but never got round to it. All the answers in this thread have made me feel very welcome.

I'll update this thread if I hear anything further or if anything else happens. For now though it seems all quiet in my stats. Hope it stays that way.

Keep us updated. I would like to know how google handles this.

Just an update to say that Google responded and said thanks for alerting them, they would monitor it and I didn't need to do anything else about it.