Welcome to WebmasterWorld Guest from 34.204.194.190

Forum Moderators: buckworks & eWhisper & skibum

Message Too Old, No Replies

Adwords abuse - Need Help and will Pay

Adwords abuse - Need Help and will Pay

     
2:43 am on Feb 13, 2011 (gmt 0)

New User

5+ Year Member

joined:Feb 13, 2011
posts: 3
votes: 0


Hello guys!


Iím managing a small dental company, specializing in high value treatments. Market is very competitive and unless like classic dentistry the type of treatments we do is not for the local market. People do travel a lot for having their treatment done and for this reason local ads, word of mouth does not work effectively. Does work internet advertising, like Google Adwords.
We pay truly a lot for these ads. Up to 3-4 pounds per click. Conversion rate is only about 2%.
I have found out that someone or a group of people are abusing our ads very badly and they are using techniques I cannot fight any more.
They started with basic methods like clicking on 3-4 different ads once and a 20 minutes later again. I could ban IPs.
Then they moved to international proxy servers, I could localise our ads, so our ads did not show up for foreign IPs.
Then they started to use TOR to abuse our ads. Again, I could ban IPs, wrote to Google, etc and could lower the number of abusing clicks. Google actually did not do anything.

But now, it seems that they are able somehow to change IPs every single time they attack and for these reason I cannot ban their IP and Adwrods serve them with an ad every single time. They even mask their OS and browser data. I also think that they maybe are using auto or scripted methods or even wrote their own abusing software.

I figured out that they are using a few services like sky dial up, Carphone warehouse broadband services, virgin broadband, BT internet tough Iím not sure if these data are fake or valid.
I estimate that we are loosing 2-4K of our advertising budget every month so our loss could be a 25-50K per year.



Many thanks, Gabriel

[edited by: skibum at 1:21 am (utc) on Feb 15, 2011]
[edit reason] Removed Personal Info [/edit]

8:56 am on Feb 14, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Jan 21, 2011
posts:61
votes: 0


I'm afraid I don't have a silver bullet for you right now, but maybe some more details might help someone come up with one.

I'm guessing you've identified a common pattern to these attacks, which is how you've managed to track them to international servers and TOR. Can you elaborate on what that is?

Also, if you've had any response from Google, can you go into more detail about what they said?
4:34 am on Feb 18, 2011 (gmt 0)

Full Member

10+ Year Member

joined:Apr 12, 2004
posts:203
votes: 0


Is this happening on search or the content network?
5:26 am on Feb 18, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 1, 2006
posts:1536
votes: 0


Stop your adWords campaign. Wait.. restart after 2 weeks and then check if the scamsters have moved on ..
5:29 am on Mar 9, 2011 (gmt 0)

New User

5+ Year Member

joined:Mar 9, 2011
posts: 10
votes: 0


Are they targeting you on search, content or both?
1:16 pm on Mar 9, 2011 (gmt 0)

New User

5+ Year Member

joined:Feb 13, 2011
posts: 3
votes: 0


Hi Guys,

Thanks for the replies.

I think it is happening on both, but there is a specific keyword group, the most important, where I think they do the most damage. They know we cannot stop those keywords, so obviously they are attacking there.

I cannot stop the Adwords campaign as 90% of our new business is coming from there. Also, I think we are specifically targeted, so I don't think the attacked would move on.

There is a specific pattern.

While a genuine visitor comes to our websites trough various keywords and visiting some websites of various subjects, spending vary various times on the site, the attacked hit comes always from a small group of keywords. After hitting the main site, they are always visit 3-4 pages, almost always the same (I guess that's how they try to mimic a natural visitor) and they leave the site in about 1 minute.
This is very often repeated 30-40 times a day. If you calculate 3 dollars for every single hit and multiply it up, it is very large amount per year we loose.

Any specific help you can offer please?
1:40 pm on Mar 9, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Jan 21, 2011
posts:61
votes: 0


This sounds like an extremely sophisticated attack. Your only solution for avoiding it appears to be stopping the relevant keywords, which obviously isn't an option.

If Google can't or won't do anything about it, then I'm struggling to think of ideas. They claim to be quite big on click fraud; have you gotten any response from them at all? Or has it mostly been a form letter/no response?

Whilst it may take a lot of time, it might be worth aggregating data from the attacks and seeing if you can pull out IP addresses to ban anyway. After all, there are only so many proxies a person can use. It may also be that if you can associate these IP addresses with specific ISPs (or at least a real person of some kind) you can appeal to them to investigate - as you've identified a few already, I suggest going direct to them with your data and seeing what they say.

This is also something you might be able to refer on to your hosting provider for advice.
5:04 pm on Mar 9, 2011 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 30, 2005
posts:13012
votes: 222


I don't think there's a whole lot you can do here, frankly.
6:03 pm on Mar 9, 2011 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:7139
votes: 412


Do they have a specific browser "footprint" or "footprint(s)" ( if they are using more than one browser ) that you could block ?

Your raw logs will tell you if there is a single browser OS combo involved ..if so ( or if they are only using say two and on a specific OS ) you can block their combo ( you may lose some visits from others using the same "footprint" ) ..but if you are lucky their particular one may be identifiable even if coming through from various proxies ..or it( they ) may be uncommon enough that blocking any instances of it ( them ) will save you more than the potential lost revenue from blocking "innocents" with that particular browser footprint..

Also sometimes called browser fingerprint..

To get an idea of what it means ..go here
[panopticlick.eff.org...]
and then ask around the spider forum [webmasterworld.com] ..the approach to blocking spiders/bots or "kicking them to the curb" is very similar in many respects to what you would like to achieve..

HTH

<added> ..you may be able to associate certain browser footprints with certain keywords and only 403 the ones which match both ..ie only kick browsers of type a string 123456 ( horribly simplified way of getting over what I mean ..actual strings see spider forum ) that are also clicking via words ABC .</added>
7:15 pm on Mar 9, 2011 (gmt 0)

Full Member

10+ Year Member

joined:June 14, 2008
posts: 244
votes: 0


OP said they
mask their OS and browser data


But maybe the 'masking' leaves it's own footprint?

Or maybe they use a botnet of some sort? There would be tons of different fingerprints, & no way to block them?
7:23 pm on Mar 9, 2011 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:7139
votes: 412


<embarrassed>whoops ..</embarrassed>
I read the OP at the same time as I was typing an email ( in another language )..missed that :(

I still think it might be worth asking in spiders though ..not everyone reads everywhere .."spiders" and "apache" here have some of the best minds on these subjects on the net posting and reading..( and certainly modding ;-) ..maybe brainstorm in either or both of those fora might come up with something.
7:47 pm on Mar 9, 2011 (gmt 0)

Preferred Member

10+ Year Member

joined:Apr 24, 2003
posts:544
votes: 0


I assume you are from the USA? A silly question, why dont you exclude certain states, start with only showing your Ad in California, if nothing happens then go to the next state and so on till you find the #*$!s, who knows, maybe they sit only in one state?, i am not an Adwords expert, but if i want my ad only be sown in California the rest of the world doesnt see it?

just wondering...
cheers
viggen

never mind i saw you use pounds, ist it possible to do this in England on a county base?
2:08 am on Mar 10, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 9, 2007
posts:876
votes: 0


This sort of thing makes my skin crawl. Years ago I was hit with the exact same thing.

We had a £500 a day spend, which was eaten up evenly during the course of the day. Suddenly our spend was taken up within hours with zero conversion.

Adwords apparently had security measures in place, which prevented any illegal activity and they were certain all clicks were legit. Their ignorance was enough to put me of using Adwords again for as long as I lived.

The data I presented them with, was pretty f'ing clear. It was an obvious sabotage. This was back in ... 2004 I'm guessing.

Viggen makes a good point, showing locally, county by county, will help pin point where the offenders are. It's likely a competitor trying to remove you from the listings. Vile creatures.
8:27 am on Mar 10, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Jan 21, 2011
posts:61
votes: 0


A county-by-county approach won't work. They're using a distributed attack through TOR nodes (or a botnet, which would look similar, but the OP seems to have done their homework and narrowed it down), which means that the clicks appear to originate from many different places.

EDIT:
If you want to be super-vigilant and eliminate all TOR clicks, I found some resources for you.

The abuse FAQ: [torproject.org...]
TOR exit node list: [check.torproject.org...]
DNS-based list: [torproject.org...]
12:28 pm on Mar 10, 2011 (gmt 0)

New User

5+ Year Member

joined:Aug 23, 2010
posts:30
votes: 0


sorry, but how exactly do you know this is an attack and not just a problem with your campaign/website?

I'm assuming you're involved in cosmetic dentistry, this is a notoriously competitive sector with a LOT of traffic and a LOT of window shoppers who probably can't afford it but enjoy looking.

The pattern you've described could just as easily be as a result of a badly configured campaign/poorly designed website as anything more sinister. Have you had your PPC/website performance reviewed by anyone else?
2:50 pm on Mar 10, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 20, 2006
posts:2155
votes: 90


was thinking what spyglass said, g seems to have a very good handle on fraud imo.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members