* The Business of Software

A community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

This community works best when people use their real names. Please register for a free account.

Links:

» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)

Moderators:

Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

Google AdWords/AdSense ClickFraud

I'm having some serious problems with ClickFraud on my site.

When I activate my AdSense campaign, not much more than 5 minutes go by before they are all over it.. Multiple clicks from the same Internet IP's in Malaysia, Poland, Hongkong etc. (I tried to exclude certain countries in my AdSense account, but they seem to go through proxies, so its not much use)..

Tried just now and within 2 minutes I had around 20 clicks, which were clearly fraudulent (they seem to use some kind of tool - no pictures on the site were loaded according to my log). I guess that was around €20, which went up in smoke there. The super-duper top secret internal Google clickfraud prevention system, which is supposed to deduct the invalid clicks at the end of the month, only seems to catch an extremely small fraction of the clicks, but not nearly enough. I can't see which clicks I actually pay for in the invoice from Google, so it's a bit hard to say.

AdSense is completely useless to me as it is now, so anyone got a tip or two to get around this annoying problem. Google Support isn't much help either - "We'll detect the invalid clicks", they say, but that's not what I see.

Kind regards
Bjørn
Bjørn Send private email
Friday, October 21, 2005
 
 
I have never had very good luck with Google AdSense campaigns, and it only seems to get worse.  If you show your logs to Google they will often refund your money.
Phil Send private email
Friday, October 21, 2005
 
 
I've been toying around with adwords and have found them to be useless, at least so far.  I've noticed that visitors from adwords seem to average about 1.1 page hit per visit, whereas visitors from google search results average about 2 page hits. 

I've just started to limit my search results to search networks only.  I hope this cuts down on the incentive for click fraud.  I think google is in for some big trouble down the road if they can't get their act together...I can see a class action lawsuit coming.

I think someone was just asking on this forum how Google profit has spiked so fast.  Perhaps fraud plays a big part.
ian Send private email
Friday, October 21, 2005
 
 
Personally, I can't see how anyone can have profit from clickfraud except for Google...
Berislav Lopac Send private email
Friday, October 21, 2005
 
 
If you have a website and you have Google ads on that website you get paid by the click.  An advertiser pays Google for ads, Google pays people a small part of that for clicks that originate on their sites.  So if I have a script or whatever running on my site or something that points to my site that generate 'clicks' I get paid by Google. 

That's how people other than Google get paid.  Granted, Google gets paid more than the people generating the fake clicks but that isn't the motivation for generating the clicks.
0xCC Send private email
Friday, October 21, 2005
 
 
The only way I can see this working in the future is to use a pay per acquisition model.  There's no faking a purchase. 

Right now I don't see a way google can implement such a system.  However, after their PayPal alternative is online, they could tie it all together.
ian Send private email
Friday, October 21, 2005
 
 
I have had a similar experience with AdSense turned ON. The number of clicks increased but most of them were useless. So no more Adsense advertising for me.
Atul Send private email
Friday, October 21, 2005
 
 
Hey Ian, that sounded like a good idea limiting the ads to "Search networks" only. I actually didn't try that, so I just did ..

.. And after 30 seconds there they were clicking happily away again.. I think thats it for me and AdWords.
Bjørn Send private email
Friday, October 21, 2005
 
 
Hmm.. My AdWords account just updated and after doing "Search Network" only, I can now see that they are targeting one specific AdWord. If I remove this word, the problem would probably go away.

Its of course the "golden" AdWord, that describes what my comapny does, but I guess I have no choice.
Bjørn Send private email
Friday, October 21, 2005
 
 
I often click ads on google while searching and then just close the page without looking at it.

I do this cause i hate advertisers who place their ads on your search criteria but actually have nothing to really offer, websites like bizrate.com, who will show you their website on *anything* you search for.

At one point the google ad's used to be helpful but not anymore.
GROK!
Friday, October 21, 2005
 
 
I've given up on content ads, I wasn't making any money. Don't know whether this was click fraud or not.

I don't see how search can be fraudulent, unless they are doing sponsored links on their site and then click on them themselves. Surely Google would spot this?
Andy Brice Send private email
Friday, October 21, 2005
 
 
Yes, it is actually a bit strange, but immediately when I activate my campaign, the clicking starts.. It also happens, when only "Search networks" is activated. Just tried it again with a narrowed down list of countries to target.

It is definetly a tool, which is doing the clicking and the person(s) is hiding behind a proxy in South Africa today. I checked the logs for yesterday, which showed a similar click-fest and the proxy was in Japan then. The proxies don't hide the originators IP, which seems to be in Malaysia. There are other countries, but this Malaysian dude is the worst..

I believe it is a tool since it only loads the URL pointed to by the ad and not any images, javascripts, stylesheets or whatever may be in the page.
Bjørn Send private email
Friday, October 21, 2005
 
 
"I don't see how search can be fraudulent, unless they are doing sponsored links on their site and then click on them themselves. Surely Google would spot this?"

Because people also click ads to be malicious and destory competitors ad budgets.  So if his "golden" word were "bug tracking" the FogCreek staff could do searches and click away at their competitors...not getting anything from it besides the satisfaction you are wasting a competitors budget.  Thats the other major problem right now with Google Ads.
Phil Send private email
Friday, October 21, 2005
 
 
" Personally, I can't see how anyone can have profit from clickfraud except for Google..."

Actually, it's profittable for others...

If you're Company A and your competitor Company B is using AdWords, by having someone click on all their ads, you can push their customer-acquisition cost through the roof OR deter them from using Adwords at all OR get them to burn through their daily budget and remove their ads from the display which moves your ads higher.

And if you can pay some poor third-worlder $2/hour to do it or on a per-click basis, you've increased your costs, but effectively removed competition.

It makes a *whole lot* of sense in those cases...
KC Send private email
Friday, October 21, 2005
 
 
I don't do "Content" ads any more either.

With search ads only, my ad costs are about 1/4 or better, and the sales are the same.  Obviously, the ROI on ads is much better with search only.

Bottom line, no more Adsense ads.
anon
Friday, October 21, 2005
 
 
I think that if Google wanted to be fair to their advertisers, simply the rule of charging for one click per IP address per day would both raise the value an advertiser would perceive of their service.

Note that with this model, we are talking about of one charge per potential customer (who could visit the site twice via the Ad, as I do sometimes) and reduce the effects of some malicious behaviors.

But why would Google would that if they have a model that works well for them financially speaking?
Pep Send private email
Friday, October 21, 2005
 
 
"But why would Google would that if they have a model that works well for them financially speaking?"

Well, if the perception of fraudulent clicks becomes widespread - whether true or not - it damages their brand, their revenue, and their stock price.

They have very good reasons to clean it up...  now we'll see how long it takes.
KC Send private email
Friday, October 21, 2005
 
 
> If you're Company A and your competitor Company B is using
> AdWords, by having someone click on all their ads, you can
> push their customer-acquisition cost through the roof OR
> deter them from using Adwords at all OR get them to burn
> through their daily budget and remove their ads from the
> display which moves your ads higher.

I thought this was the definition of fraudalent clicking and I thought Google filtered for it. In fact, I was reading about some dude explaining how to use adsense, and he said if you click on the ads that show up in adsense too much by mistake while you are trying to set it up on your website, you could get flagged by Google.

Oh well... All good things come to an end eventually.
dil.b.ert Send private email
Saturday, October 22, 2005
 
 
>.. simply the rule of charging for one click per
>IP address per day would both raise the value an advertiser
>would perceive of their service.

I analyzed the logs and it could be that this is a single person after all even if the clicks come from different IP addresses. This tool, that's being used to click, seems to be able to change proxy on the fly, since many of the clicks are seconds apart, but from different IP's. Some of the proxys however let me have the "X-Forwarded-For" header, and the originating IP is always the same (at least the clicks from yesterday and the day before).

I have sent the logs to Google, but it's probably not an easy one to solve.
Bjørn Send private email
Saturday, October 22, 2005
 
 
<i>I think that if Google wanted to be fair to their advertisers, simply the rule of charging for one click per IP address per day would both raise the value an advertiser would perceive of their service.</i>

The problem with that is the number of ISP's who have transparent proxy servers - so you can have tens of thousands of users all clicking ads from the same IP address. The best value for an advertiser is to find an ad provider who pays based on success, but that can be easily faked on the advertisers side.

Click fraud is something we have to live with - the automated process to pick it up is never going to be 100% accurate, and you are never going to be able to send ads to a client in such a way that a bot can not forge clicks. Google tried to obfuscate their ads they have at the moment by using Javascript, but this just added an extra layer of complexity that the fraudsters had to overcome.

Clickfraud is obviously more prominant on adsense sites than on search ads since there is no direct financial motivation to click on your ads when they appear in search results. The only threat there is are competitors clicking or script-clicking your ads to hit your daily budgets and just cause headaches.

Clickfraud would not be an easy case is court either, it would be very difficult to prove that the ad *you publish* is frauduently being clicked on and it is Google's fault. How would you describe in court the difference between a 'geniune' click and a fraud click, when at the lower technical level they are the same.
Nik Send private email
Saturday, October 22, 2005
 
 
Yes, it would be difficult to prove that certain clicks are fraudulent. I wrote a simple little script, when I discovered that something wasn't right, that will pick out those "clean" requests, where the clicks are seconds apart and nothing else is loaded except the URL pointed to by the ad. Normally a browser would try to load a favicon, the stylesheet, some javascript or the images included in the page even if it was cached at clientside at some point.

I don't know if that would hold up in court, but it probably wont. What I am mostly excited to know is to know how much my account will be credited at the end of the month. As far as I can see, it should be at least €20 from the clicks generated only yesterday.
Bjørn Send private email
Saturday, October 22, 2005
 
 
I still see it that Google is the only winner here, as well as anyone tih a financial interest in them. Since they went public, the number of the latter has greatly increased; it's not that har (for my paranoid self at least) to imagine a hacker getting a few thousands' worth of Google shares and then unleashing a clickfraud script to increase Google income and accordingly the value of their shares.

A smart script could be able to use servers around the world to cover it's tracks (as Bjørn reported). Such a script could create millions of clickthrough bucks; while the author probably wouldn't earn millions himself (or perhaps he would?), it surely beats the hell out of working for salary.
Berislav Lopac Send private email
Saturday, October 22, 2005
 
 
Obviosly clickfrauds hurt google by making advertisers less interested in buying advertisement from google.
And for stock.
The fraudster would need to add BILLIONS of dollars worth of money to double the cash it originally would put there so its  no reason.
So there are few potential reasons for frauds in search.
1) They want to hurt you.
2) They want you out of competing them with adword price.
3) They want to hurt google.
Jouni Osmala Send private email
Saturday, October 22, 2005
 
 
"The fraudster would need to add BILLIONS of dollars worth of money to double the cash it originally would put there so its  no reason."

My point is that it would not be too difficult, with a good script and inside information about which sites display ads.
Berislav Lopac Send private email
Saturday, October 22, 2005
 
 
Google stock is like $317.00 per share as I type this. My adword costs continue to rise for even the most obscure terms. Terms that previously generated almost zero traffic are becoming inactive and I am prompted to increase my bid to reactivate the word.

I get daily clicks that I suspect are fraudulent from competitors or people wanting to drive up my cost for whatever reason. It is a major time eater researching this and the more I look at it the more I don't like what I see.

The bubble is going to burst on this sooner or later. I do not see how Google can maintain their guidance forever when their business model is based on mystery, denial and the fact that much of their revenue is derived from others who are engaged in abusing Google advertisers via click fraud.

Eventually the pain is going to be too great for many advertisers and the noise from that will kill Google growth. I already see murmers of it happening right here with the comments already regarding Adsense.
Craig
Monday, October 24, 2005
 
 
Correction. That was $347.00 per share instead of $317.00.

Didn't want to start a panic!
Craig
Monday, October 24, 2005
 
 
Why does any advertiser turn on Content Match?  I manage several accounts and over a year and a half ago concluded that fraud was out of control.  I turned off content match, and recommend everyone do the same.
Bruce Shiperly Send private email
Monday, October 24, 2005
 
 
Bruce, what is content match and how would turning that off help solve the problem ?
Jeff Send private email
Monday, October 24, 2005
 
 
I thing "Content Match" is the Yahoo equivalent to showing AdSense ads on websites.

I tried to turn that off to though, and it didn't help in my case.
Bjørn Send private email
Tuesday, October 25, 2005
 
 
I think if PFA (pay for acquisition) was instituted, this whole click fraud problem would go away, to a large extent.
When clicks and paychecks are destined to Malaysia, India, China, etc. I would think that Google's accounting dept would have a system to double check the validity of the earnings before issuing any significant checks?

The other problem ocurring right now is people having their Adsense accounts closed without any viable reason as to what caused them to be banned.

Another problem is people trying to destroy other people's successful adsense publishing sites by trying to sabottage their adsense accounts.

Google stays pretty  quite about these issues and silence is what causes people to start mistrusting the system.

All this tells me that people are, well, evil or full of crap or both. Why cheat? Because these bad elements can get away with it and actually profit from their illicit activities. Unfortunately.
The Poor Jerk Send private email
Wednesday, October 26, 2005
 
 
Here's a possible solution: When a user clicks on an ad in adword, Google displays a window a graphic containing several distorted characters, plus a box for the user to type in those characters (similar to that displayed when signing up for a new Yahoo account for example).

When the user types in the characters correctly do they get taken to the adword's target site. Only then does the advertiser get charged and the adword host get their commission.

This would (a) help to prevent robot clicks and (b) filter out users who weren't interested enough in the target site to type a few characters to get into it.

This might reduce Google's income short term but it would provide better quality service for which they might be able to charge more.
Send private email
Thursday, October 27, 2005
 
 
It would also mean your blind users won't get to see your website. Those CAPTCHAs are real gotchas in terms of usability.

If I was asked to do that CAPTCHA thing for each website I visit from an ad I wouldnt bother at all. Google can just as well disable the AdSense program.
Baruch Even Send private email
Thursday, October 27, 2005
 
 
Can anyone shed some light on the economics of these scams?
How many clicks do the fraudsters need in order to profit?

Bjorn suspects automatic means are being used, and Joel's article also said that they are using botnets.  However, most other sources I know are talking about them capturing innocent traffic that arrives at their (many) fake sites.

So, anyone know which is true?  Or maybe both are?
Adam Morrison Send private email
Saturday, October 29, 2005
 
 
Looking to my paycheck from Google, I can definitely say, that Adsense Ads on my pages are not clicked by bots. I can't imagine, that Google wouldn't recognize, when my ads would be clicked by bots. It would be just too many parameters to manipulate. As soon as Google sees the underlying traffic pattern by the bot, I would think, Google just won't pay off the programs from such plans.

May be your ad traffic is useless, but real user traffic?
Marcel Bartels Send private email
Sunday, October 30, 2005
 
 
Looking at the logs I had collected, the clicks I was experiencing were definitely bots. No browser I know generates a single GET request without loading anything else and when several of these requests from different IP's (public proxies with the same originating IP seen via the exposed 'X-Forwarded-For' HTTP header) are happening within a timeframe of a couple of minutes, something has to be wrong.

I sent Google the logs I had collected and they returned 1/4 of my budget for october, so thats nice. I activated my campaign a couple of times since then and there has been some bot activity, but not that much. It's inactive again however, since I do not have the time currently (and I don't want to let it loose just yet) to monitor it all, but I suppose I will activate it soon again.

Regards,
Bjørn Send private email
Tuesday, November 01, 2005
 
 
Let me explain my situation, and maybe you guys can give me an opinion. I own a business, and one of our workers tole all our informtion, and went into business for himself. He now competes with my website and has opened a retail location about a block away. We compete for keywords and I noticed some clickfraud on the account because my bills were way to high, and always running out of funds while he stayed up top. I purcahsed this adwatcher software that tells you the ip address if someone clicks on your ads more then once in a day. I then went to geobytes.com and entered some of the ip address and a lot of them showed up in the same location as i'm in. The exact location actually. It gives yo a general map of where the person is located. Am I crazy? Or is this obvious it is my competitor who is right up the block?

Thanks,
Dan
Danny Schifter Send private email
Sunday, November 06, 2005
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz