
Prevent Fraudulent Traffic?

I'm getting tons of fraudulent traffic and forms from Google Ads

         

lesterj

6:32 pm on Sep 11, 2025 (gmt 0)

10+ Year Member



Hi,

I have a client in the HVAC industry, and they are getting tons of fraudulent traffic by "people" who submit spammy forms on the client's website. I'm trying to find a way to stop it.

I've set up a honey pot trap on the forms (a field only bots would see and complete so they can be filtered), but that hasn't helped much. So, perhaps these are real people.

I've also tracked the IPs of the traffic for the past couple of days and am only seeing one visit per visitor on nearly all the traffic, but also less than 20% of the traffic was identified as using a VPN. The campaign is location limited within the U.S. and I'm getting clicks on relevant search terms.

These fraudulent people are eating up the daily budget and preventing real conversions, but I'm not sure what to do to stop them.

Any recommendations?

Thanks in advance for your help.

Thanks.
Lester

not2easy

11:57 am on Sep 13, 2025 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Hello lesterj, good to see you here again. Not so good to have bots affecting your client's ad budget.

You don't mention your server environment, but if you're on Apache servers, there are ways to sort humans from bots by logging the headers. In our Apache Forum you can read about the how and why, which was shared some time ago by lucy24: [webmasterworld.com...]

If that looks interesting to you, you can start a thread in that forum for more specifics.

Another option would be to analyze the site's server access logs. With some effort and experience it can show you who's doing what, and how.

londrum

3:10 pm on Sep 13, 2025 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



some of the things that helped for me were completely disabling the form in the html - putting disabled=disabled on all the inputs, textareas and submit button, and removing the URL in the <form action=""> bit - and then re-enabling it all again with javascript.
i've also got a hidden honeypot input asking for a telephone number - if the bot puts something in then the form doesn't get sent.
and i've got my own custom bot-check question as well

i also drop a 2-minute cookie on them after they've sent a message, and if they really are humans they have to wait until it expires before they can send something else.

none of it is foolproof of course, but if you do loads of different things then it stops 99% of them
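
The layered checks described in the post above, sketched as server-side JavaScript. This is an added example, not code from the thread; the field names (phone2, js_token, human_check), the cookie name and the bot-check question are made up for illustration.

```javascript
// Server-side checks for a contact form, mirroring the layers described above.
// Field names, cookie name and the question/answer are hypothetical.
const COOLDOWN_SECONDS = 120;      // the 2-minute cookie
const BOT_CHECK_ANSWER = "blue";   // constructed question: "What colour is the sky?"

// Parse a raw Cookie request header into a plain object.
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Returns { ok, reason }. Reasons are for logging; show visitors a generic message.
function checkSubmission(fields, cookieHeader) {
  const cookies = parseCookies(cookieHeader);
  // 1. Honeypot: hidden from humans by CSS, so any value means an automated fill.
  if ((fields.phone2 || "").trim() !== "") return { ok: false, reason: "honeypot" };
  // 2. Assumption: the page script sets this field when it re-enables the form,
  //    so a client that never ran the script posts without it.
  if (fields.js_token !== "enabled") return { ok: false, reason: "no-js" };
  // 3. Custom bot-check question.
  if ((fields.human_check || "").trim().toLowerCase() !== BOT_CHECK_ANSWER)
    return { ok: false, reason: "bot-check" };
  // 4. Cooldown cookie still present: this browser sent a message under 2 minutes ago.
  if (cookies.msg_sent === "1") return { ok: false, reason: "cooldown" };
  return { ok: true, reason: null };
}

// Set-Cookie value to send after an accepted message; the browser drops it after 120 s.
function cooldownCookie() {
  return `msg_sent=1; Max-Age=${COOLDOWN_SECONDS}; Path=/; HttpOnly; SameSite=Lax`;
}

// Constructed sample submissions: [form fields, Cookie header].
const samples = [
  [{ phone2: "", js_token: "enabled", human_check: "Blue" }, ""],
  [{ phone2: "555-0100", js_token: "enabled", human_check: "blue" }, ""],
  [{ phone2: "", human_check: "blue" }, ""],
  [{ phone2: "", js_token: "enabled", human_check: "blue" }, "theme=dark; msg_sent=1"],
];
for (const [fields, cookie] of samples)
  console.log(checkSubmission(fields, cookie).reason || "accepted");
```

Logging the rejection reason per submission shows which layer is catching traffic, and whether the spam is passing every check the way a person would.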

Brett_Tabke

6:20 pm on Sep 15, 2025 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Ad traffic? Use ClickCease.

lesterj

3:19 pm on Sep 23, 2025 (gmt 0)

10+ Year Member



Thanks, Everyone.

It's a Cloudflare server.

I may look into replacing the form with javascript, but I'll have to talk with the developer and weigh the pros and cons.

I just started ClickCease and am exploring that. Brett_Tabke, any tips for using ClickCease?

Thanks.
Lester