Out of curiosity, have you still been experiencing this? We started noticing this same behaviour in January and it has continued through March. We turned off United Kingdom as a country and it primarily went away. We then added a little more detail into our proxy checks and found a lot of the people using the fake info (which was for real people) were using proxies, colo servers, dedicated servers, etc.

Yes...still experiencing. Google has been refunding clicks (hundreds of dollars/week) but I am sure there are some that we are not getting credit for. Plus the bad data just is a lot of noise and headache for our buyers.

I use a wordpress plugin that collects IP addresses and I can load them up in excel and see if anybody is coming from the same place a lot. This is not practical for a large campaign or sophisticated click fraud.

Also you realize not everything is click fraud. There are just some stupid people out there that will click on anything with no malice or even knowledge of what they are doing.

I also try to get ip addresses of people I think might be clicking on my ads. You can do that with a little social engineering. You just need to get them to click on something that records their ip.

I then exclude those ip's

IP exclusion in Adwords/Adsense is just not manageable enough to do that IMO. I run a small campaign for a single, niche/small book publisher. That's all we sell is our own books - 24 of them to be exact. It's a small account of 25 campaigns: one per book and one for "brand".

If I find out that a "malicious user" is clicking my ads (like you suggested), even if I could find his IP it would almost certainly be impossible to stop him.

1) Google has a limit of 500 IP addresses
2) Google does not use CIDR notation

This means that, if I know this user is on {insert popular wireless carrier} and I know his IP address, the next time he connects it likely won't be from that IP but will be from an IP on that /24 subnet. For example:

1st hit: 107.1.2.34
2nd hit: 107.1.2.77
3rd hit: 107.1.3.87
4th hit: 107.1.4.87

In Google, I could block 107.1.2.*, 107.1.3.*, and 107.1.4.*. That's fine - except that network owns everything /16: 107.1.4, 107.1.28, 107.1.254, etc. If I wanted to list every possible IP on that specific network, I would have to list 255 IPs: 107.1.2.*, 107.1.3.*, etc. Pretty soon I'm "full". And don't forget that I have to then copy/paste this to each campaign (we have 25).

Better suggestion would be for Google to support CIDR notation - with one line, I could block them all:

107.1.0.0/16

C'est la vie. In the end, it's too much work for any except the most egregious.