There was an interesting discussion here [webmasterworld.com] about click attacks and whether or not anyone has been banned as a result.

I've never been convinced of the argument that Google kicks people out because they 'got tired' of an account (or that it wasn't worth their time). As you state, 99% of the people who get kicked out appear to have contributed in a significant way to their own demise, but I doubt that any percentage of the other 1% were booted because Google couldn't be bothered.

In your case I'm sure G has sufficient data to see there was unusual activity on your account not of your own doing, particularly since you've been in contact with them before and all was deemed ok.

Since you survived a click attack and didn't get banned, I think you are evidence that google doesn't just ban first and ask questions later in such cases. You didn't even really contact them right away, it was 4-5 days later.

I think you handled it fine, and should continue along the same lines. I wouldn't be deterred from placing adsense on that page. I do believe there are some programs that may help you, but I am not really familar with them. I also don't know how well they would work in your case with ips coming from all over.

Have you checked to see if the ips belong to proxies? If you are getting attacked through proxies you might just be able to block traffic from known proxies.

Just make sure you keep google informed when something unnatural occurs. They have the tools to more effectively deal with the problem than you do.

Notice that the subject of such an attack can also be one of the advertisers instead of your site itself. It could be another advertiser trying to increase the costs of it's competitor for example.

Doesn't help much probably as you are the victim too but might give you an idea what's going on here :)

Good point dutch_dude, it does sound more like someone's attacking some particular advertiser. That makes more logical sense as well, as there is something concrete to be gained by driving up a competitive bidder's costs.

It would be interesting to know what ad or ads are being clicked. But if it's truly a bot (rather than some jerk manually clicking over and over), my guess is that the tracking script wouldn't work.

Hi dial_d,

I have just banned access to some of my sites for various compromised machines and open proxies (eg using the Spamhaus XBL and SORBS http and soxs DNS BLs).

These addresses are looked up on the fly, and pretty quickly, and I've been using them for filtering out 99.9% of my SPAM for a while, so that might be one route.

(If your site is JSP based I'd be very happy to give you my code; it is all published and under a BSD licence already. Else you may be able to drop in a third-party piece of code in your preferred language intended for mail filtering!)

This would at least force the attackers to show their hand and/or reduce their attack and/or save you a bit of bandwidth without hurting normal users if you pick the right DNS BLs. Just remember NOT to use a list that bans dynamic IPs (bad as mail senders, good as normal users)!

Rgds

Damon

Thanks for the replies guys.

Late last night I installed a click tracking script especially designed to work with Adsense. That should tell me if a particular ad is being targeted. If that's the case, I am going to block those ads and then contact the advertiser and let them know what is going on.

Of course, I won't know anything unless another attack occurs and I have no intention of putting Adsense back on the page in question, not for several weeks anyway.

I may gain some useful information from the click tracking script but it seems unlikely that it will reveal who is behind this. It must be some sort of automated script doing this because the attack doesn't stop immediately after I remove the Adsense. A human would realize immediately and stop the attack or switch pages. Is there no one out there who has figured out a way to beat these things?

I will keep you guys posted of any developments though.

I am going to block those ads and then contact the advertiser and let them know what is going on.

AdSense T&C forbids you to contact advertisers directly. If you detect invalid clicks for a specific ad it would be wiser to contact Google directly. They will not only inform the advertiser when necessary, but it also ensures that your account remains in good standing. As a publisher, having a good relation with Google is far more important than having a good relation with an advertiser.

Thanks for the advice, lammert.

I hadn't realized that contacting an advertiser was against the rules. I had intended on asking Google about that anyway but now I guess I don't need to. :)

DamonHD,

I really appreciate the advice. I haven't had time to quite check everything out but I did some testing and several of the suspect IP numbers turned up in Spamhaus's DB. So, it looks like this person is using proxies to launch this attack.

One thing that puzzles me though is that the Spamhaus seems to focus on stopping spam emails. How can I make their system work with my website? I really appreciate you offering to show me your code. The site in question is just a static html site but I usually code in PHP and my server doesn't seem to support JSP. (I created a simple test page but it doesn't work properly.)

Hi,

One way that SPAMmers often work is by routing their sh*te through compromised machines that have been partially or wholly taken over to act as open proxies. Thus, once SPAM has been routed through them, they can end up in Spamhaus' (or other) DNS BLs. For example, the two SORBS DNS BLs I mention focus purely on open proxies.

The people that you want to block from your Web server's AdSense are almost exactly the people that you want to block mail from EXCEPT that users with dynamic IP addresses are almost NEVER legitimate mail senders but may well be legitimate Web server visitors, since most of Joe Public's machines get dynamic IP addresses. So you must pick your DNS BLs carefully, and test!

Note that there may well be pre-written PHP code to look up IP addresses in these DNS BLs, and if you pick the right DNS BLs (for example the Spamhaus XBL and the SORBS sox and http lists) you may have the ability to block these guys dynamically.

Rgds

Damon

DamonHD,

Thanks a lot for your help! You are a real credit to this website. I will be testing some DNS BLs tonight. Thanks again.

I also wanted to update you guys on a recent discovery. On a hunch, I emailed other webmasters who are listed for the search phrase that I keep getting hammered on.

As it turns out, at least a few other web sites listed above my site are suffering from exactly same problem. None of them have Adsense though so I'm not quite sure what to think about the discovery.

Does anyone know how these click bots work? I would have thought that if someone is targetting me (or even a particular ad) that their bot would be smart enough to only visit my page. The really odd part is that whatever is causing this is definately clicks on my Adsense ads at exactly a 10% CTR and I know that some of the IP numbers are open proxies.

Am I the target? Is it possible that this is some sort of router error or computer glitch of some kind? Maybe someone is testing a click bot? I have emailed MSN to see if they would be willing to help me but I doubt they will tell me much of anything.

BTW, where are all the people who claimed to have been booted from Adsense because of click bot attacks? Seems kinda fishy, doesn't it? I would have thought that this would be a hot topic since this could happen to anyone.

Hi,

Making clickbot attacks harder using (anti-SPAM) DNS BLs is bleeding-edge technology: I'd like to think that I just invented it a few days ago. B^>

So I'm not too surprised that others may not have used it (or anything similar) yet.

But ultimately, Denial of Service (DoS) attacks can rarely be completely stopped, a bit like perpetual motion machines not being possible; you just have to live with the risk.

Rgds

Damon

After reading about these attacks.
I will be making all my domains private.

I was also was going to put my corporation company name at the bottom of my sites, but I will also refrain from that one.

Im not doing these things out of fear, but more as a smart precaution to distract attacks from competitor's and so on.

I wonder if Bin laud in has a adsence account in a alias name?
You just never know who is out there, and I know there are more people than you could count who would do you in if given the opportunity....people kill each other over $20.
with AdSence you could be talking thousands, so no one be nyeve, be safe not sorry.
I dont trust anyone, but one person with me life, and my Ad Sence :).
thats my Add Since!
Joel

About an hour after I removed the Adsense from the page, the attack stopped.

How did you know that it stopped? On what data did you base your belief that somebody used a click bot on the ads on your site? What was the source of the data?

Hey John,

A click bot seems to be the only logical solution.

The source of this data is simply my stats programs and raw access logs.

The page in question typically sees about 30 visitors a day for a variety of different search phrases. Suddenly one day, I get 300+ plus visitors to that page on exactly the same search phrase, in two minute intervals. The search phrase used is fairly uncommon. (I got 45 visitors last month on that search phrase. I have 800+ this month.) Once I realized what was happening, I removed the Adsense code and about an hour later the page stopped being accessed every two minutes for that search phrase.

About two weeks later, the exact same thing happened. Only this time I wasn't at home and the page got accessed about 500 times before I removed the code. Again, it took about an hour before it suddenly stopped again.

As far as it being a click bot, I can't really see someone sitting at there computer for hours doing this manually. Plus, it is clicking on my ads at an exactly 10% CTR (that's pretty far off my typical CTR).