helleborine and I exhanged some PMs, and I wanted to open this concept up to the whole group:

He is currently blocking a huge list of known proxies. These proxies are known because they have been published on certain sites. I see serious problems with this methodology, and I would like to suggest an improvement and find out if anyone could offer coding suggestions. The problems are:

1. The proxy lists will never be complete unless you happen to use the exact same list as your attacker.

2. The proxy lists will never be completely up to date.

3. To ban every proxy known in the world probalby puts a serious load on the server when processing the .htaccess file. I can't believe helleborine isn't already seeing degraded performance iwth the number of IPs he is blocking.

This is what I suggest as a (perhaps) superior scheme:

Run a robot that, each time your site is accessed with a new IP address that you have not seen before, checks to see if the IP is a proxy. If it is, disallow access. Of course, more sophisticated versions could allow access and just remove AdSense ads. This has the advatage that it is always up to date, and you don't have to ban tens of thousands of proxies -- you only ban the ones that people are actually using to visit your site. It has the drawback of being reactive rather than proactive (the person has already accessed your site, and then you check, and decide if you want to allow them to acess it a second time). You could do the checking in real time, and make the block/not block decision before showing the page for the first time, but I suspect that the latency that would cause would be unacceptable.

Anyone have suggestions, improvements, know of code that exists to do something like this?

Bill, the distinction I was making is that clicks ARE being tracked when you use the Javascript alone (it's all in your server log). You then have a historical record of AdSense clicks and can then analyze the results to your heart's content offline.

But you need scripting if you want to report the numbers in real time or take action based on the pattern of clicks.

Anyone have suggestions

Take the adsense code off your site immediately and contact google with all the information you have so far including times and dates, at least not having any code on your sites pages can't get you banned if that's what he is trying to do.

I say diversify your sponsorship. IMHO Google Adsense is the best contextual based publisher platform out here, but I believe each webmaster should diversify and not rely on one source to provide their entire income. The old saying "Don't put all your eggs in one basket". Create your site as if Adsense never existed...then what would you do? Adsense has made advertising so simple, easy, & profitable that many forget how to market to their visitors. With adsense you do not do any of the marketing...you set the code and Adsense delivers. I think it is brillant and a compliment to the marketing world. But still I think everyone should have some diversity (if you plan on maintaining a web business). My hat goes off to internet pioneers who had to discover ways to get visitors to their site and then had to discover ways to make money from those visitors. Maybe, I'm traditional but I'm constantly thinking of new ways to be successful and build a platform which works for myself and my visitors. My advertising zones are consistent but I diversify my sponsored ads. I do rely and pull more from Google Adsense, but I try new techniques and new platforms to keep it fresh. Try to find ways that you can profit more from visitors as well as advertisers. If you are at a #1 spot in the SERPs then you should be able to sell your own ad space, which is most of the times more profitable than any other platform. Send a polite formal invitation email to the advertising/marketing departments of a few advertisers of interest with details of your site and advertising zones / media kit and wait for their response. If you do not get any responses or a "no" then try sites with lower traffic or small-midsize sites that are trying to come up.

A great free ad server (.php) script is called PHPAdsNew. It works wonders for my site. You can run ads by impressions, clicks, or day-to-day. You are able to provide your advertisers a username/password to log in and view their stats. As suggested you should deliver fake ads to the proxy IP Addresses...this can be accomplished easily with this software. You can rotate your Adsense ads with your other ads so you don't have to worry about showing two different contextual ads on the same page. You can even weigh your ads...such as: give Adsense a weight of 3 which means it will be displayed 3 times as more as other ads or ads with a weight of 1. Its just a thought...it worked for me.

My point is have diversity and other options even if mostly you rely on Adsense. It works out best in the long run for you and your visitors.

I totally agree with increasing your number of revenue streams. Even before the dot.com bust, it was generally regarded that a site should have three unique revenue streams at the bare minimum.

each time your site is accessed with a new IP address that you have not seen before, checks to see if the IP is a proxy

Nice idea. Except your database of IP addresses could get really big, really fast. Even one hit to the database onPageLoad, that's still a big job when your table has a kajillion records.

... How do you detect if a visitor's IP is a proxy?

I have said it before and will say it again.

Google/Yahoo! needs to respond to us (webmasters) in attempts to deliver IP addresses or any other data so that customers of Adsense/Overture can monitor who is and is not the origin of the click-throughs.

I think everyone has the right to see why they are being charged not just that they have been charged for a supposedly legit click-through.

Why does this seem so hard to come by using the Adsense or Overture systems?

I wish they would respond to this so that click fraud can be managed much better and more accurately.

Anyone feel the same on my idea here, I can't be the only one thinking about this.

Hollywood

Thanks antonaf -- I was looking for a technical asnwer, but maybe your common sense one was the best asnwer. Thanks for the name of that script also.

Say it with me folks, pay by conversion.

A big thanks to Brett for hosting this thread on the home page.

I read recently that Google tracks clicks from proxy servers and does some kind of analysis to eliminate click fraud.

This is Google's problem, not yours. If you have to live in fear of what Google will "think", then perhaps AdSense is not so great.

Blaze, this probalby isn't too relevant since the fact of the matter is that Google doesn't pay by conversion and I'd wager that it won't happen any time soon, if ever. But, out of curiosity, how do you think that is even possible, or reasonable? You would be relying upon advertisers to tell the truth about hom much money they are making. That just changes the problem from click fraud to advertiser fraud.

"That just changes the problem from click fraud to advertiser fraud."

But click fraud is the lesser of the two evils, if only because Google has some control over its detection and policing.

I think I've answered this question over 20 times now in these forums:

With Pay By Conversion:

no conversion reported =
no money to google / publishers =
NO ad placements =
NO $$$$ sales.

Advertisers will *OVER* report their sales in order to ensure good ad placement.

"Advertisers will *OVER* report their sales in order to ensure good ad placement."

Well, yes, especially if they aren't doing well. But advertisers how ARE doing well will be tempted to under-report. There would be considerable room for creative reporting in such a system, and it could lead to publishers seeing more of the low-converting ads and fewer of the high-converting ads. That would not exactly be a good thing....

Good point hunderdown. Sorry blaze that I didn't realize you have answered this question many times before, but I don't really think you've answered the question still -- you've thrown out a hypothesis about how the system could work, if this, and if that. Certainly may not turn out that way. One thing is clear, whether it could be made to be better than the current system or not, people would certainly try to game that system just like they try with the current one.

In agreeance with JamesR3...pay by conversion will shift the fraud from click fraud to advertiser fraud. It would require the advertiser to place the conversion code on their conversion page. An advertiser can easily bury the conversion code somewhere that is not a conversion page and doesn't receive any visitors. While they are constantly getting clicks and conversions, but not paying anything for it. Before, pay by conversion is effective and available for all then the masterminds will have to get together and develop a system that benefits all.

I think pay by levels is a better suggestion. Such as: Track a visitors click point to end point. When a visitors clicks on your link it is tracked. Then when he clicks on links within your site that is also tracked. If a visitor goes at least 3 levels deep within your site then the advertiser pays...otherwise, the advertiser does not pay or pay the very minimum just for the click.

Why not use an PHP include file to include your ads, so you can remove the publisher ID line from the javascript in that file for any 'suspicious' visitors? (or display dummy ads/ sample ads from Adsense website)

Like this:
<?php include("inc/ads.php");?>
-- inc/ads.php :
include("blocked_ips.php");
$ip = $_SERVER['REMOTE_ADDR'];
$ad_client = "<< YOUR PUBLISHER ID >>";
if(in_array($ip,$blocked_ips)) $ad_client="";
// print << ADSENSE CODE... $ad_client ...ADSENSE CONTINUED >>
-- inc/blocked_ips.php :
$blocked_ips = array(
'xx.xx.xx.xx', 'xx.xx.xx.xx', 'xx.xx.xx.xx'
);

Also makes it easier to maintain ad(sense) styles and sizes across your entire website.