Welcome to WebmasterWorld Guest from

Forum Moderators: open

Message Too Old, No Replies

Fighting fraudulant clicks with ppc xml feeds

what's the best route to take



9:44 pm on Jun 4, 2008 (gmt 0)

10+ Year Member

PPC XML feeds can lead to a lot of fraudulent clicks if you give them to the wrong people. What's the best route to take to combat fraud?

A few early suggestions have been:

[A] build a javascript version where all the results have to be hosted by us but they can be iframed.
[B] build a follow me system to actually follow the surfer and see how many pages deep he goes and if he fills out a form or does the advertisers MWR.

that's about it, so far, and I'm not overly takem with either suggestion. i like simple systems best. I prefer to just work with top 2000 websites and allow advertisers to ban affiliates with poor conversions

any ideas


1:31 pm on Jun 5, 2008 (gmt 0)

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

A) That would put one thin barrier of entry between your ads and a robot, but it doesn't really prevent click fraud. It just moves a page from one host to another. The criminal can still load the ads page directly with the same URL as is used by the iframe. Besides, 3rd party iframe implementations have layout issues when the size (ie character length, height or width of the rendered ads) is uncertain. Nice for banner ads and AdSense, but not so good for text links with unknown-length subtitles.

B) that's not PPC.

Preventing PPC click fraud is a lot like developing a spam filter. You need to build a set of rules, algorithms, processes that can tell the difference between a "legit" click and a bot, macro, botnet, or someone just clicking on their own ads using proxies and UserAgent spoofing. In order to "teach" a system to recognize fraudulent clicks, you need a large sample set where the fraudulent status is either known or statistically inferred. Then you can use Baysean filters or K-means analysis or neural something or other to build your fraud detection brain. It's not simple, at all. And there's an army of criminals working for the dark side!

You have two opportunities to prevent bots and fraudsters from clicking a PPC ad: once when the ads are requested, and again when the ad is clicked.

There are experts in this subject... I am not one. But I know a few basic principles

1) When the ads are requested,
require the publisher to send along the user's IP and UserAgent
- validate the User Agent
- validate the IP
- employ rate limiting, and/or have filters in place to detect massive numbers of requests from the same IP

2) When the ad is clicked
- employ whitelisting and blacklisting in tandem
- check that human-like behaviour preceded the click
- trigger the alarms if one IP does a lot of clicking
- look for timing patterns, such as clicks that happen exactly every 10 seconds
- throw away any clicks that come from IPs that are known to be used by the publisher themself

One PPC syndication company I know requires publishers to put a piece of hotlinked Javascript on the page along with the ads. It does some magic on the client side to determine "yes, this is a browser which supports javascript, and a user is moving their mouse and putting it over a link, and now he's pressing the mouse button". If those criteria are met, in order, it accepts the click as being genuine. Javascript generates a checksum, pops that onto the href, then validates that at the server before redirecting to the advertiser. A pretty ingenious scheme, I must admit, I wish I'd come up with it myself.


3:35 pm on Jun 5, 2008 (gmt 0)

10+ Year Member

Thank you Ian for moving the post where it will likely get more interest. And thank you for sharing what you know. Your observations and knowledge are really quite impressive. I focus on marketing and leave the tech matters to others but it helps to have a general idea of what's going on.

While this discussion is about "How to protect your ppc xml feed" it would also be equally good to hear some comments on the vulnerability of banner networks or ad systems that charge cpm. Everywhere i look there's a new banner network and many of them seem to flourish. I'm guessing they face the same uphill battles when fighting fraud, but community comments are welcome.


Featured Threads

Hot Threads This Week

Hot Threads This Month