Log Files vs Javascript Code

Thursday, May 22nd, 2008

I have written in the past about the various mechanics of click fraud software on the market, but I thought I would extend on this and talk about the benefits of log file analysis versus javascript tag implementations.

If you have checked out my consultancy page, you will see I am a fan of log file analaysis, in this post I will say why I hold this position, and it is due to two incredibly important facts

You can Disable javascript on your browser

Users have the option to disable javascript on their browser. As JS is client side scripting language, if the browser is not prepared to run your script, there is no way to capture metrics on the visit. Any tech-savvie click fraudster will disable javascript as their first port of call. This then renders your click fraud tool useless.

Some bots can be in and out before a script is loaded.

Analysis of certain click bots has shown that they can hit your site, register a click with Google and drop off your site, before your javascript has had time to load up and capture the visit details. This visit will however be recorded in your web servers log files.

How to Test This

Don’t belive me, then here is a quick test in another area of log file vs javascript to prove the problems with scripted implementations.

1) Review your traffic data from a log file analysis package such as webalizer

2) Review your traffic data from a javascript service such as Google analytics.

I am prepared to bet that your visits will be higher on the log file to javascript package. This is due to a number of factors including the two outlined above.

As a parting word I would like to say that there are some instances where javascript tags are the only way to analyse your traffic, for example if your ISP does not give you access to your logs in a hosted environment. If that is the case, go with the scripts, the more evidence you have, the better your chance of a refund from the search engines.

Tags: click fraud software
Posted in Features, How To | 1 Comment »

How to stop click fraud

Monday, January 28th, 2008

This blog is all about the battle against click fraud and other low quality clicks, here are my top posts telling you how to stop click fraud.

They should act as an introduction to the subject of click fraud.

• What is Click Fraud?
• Competitor Click Fraud
• Publisher Click Fraud
• Mechanics of Click Fraud Software
• What is a Click Farm
• ClickBot Autopsy
• Click Fraud - The High Risk Countries
• Impression Fraud - A Definition
• Getting a Click Fraud Refund from Your PPC Provider
• 5 Optimisation Tips to Reduce Click Fraud
• What Are Google’s Invalid Click Filters?
• Click Fraud Investigation Service

If you would like to keep up to date with developments in the click fraud arena, why not subscribe to this site for free via RSS or Email using the links at the top of this page.

Tags: Click Fraud
Posted in Features, How To | No Comments »

Publisher Click Fraud

Sunday, January 27th, 2008

In this post I am bringing together all of the articles I have written about publisher click fraud in one central place.

As additional articles are added, this resource will be updated. Please subscribe to this blog to be notified of updates as they happen.

• What Is The Content Network?
• Publisher Click Fraud - A Definition
• How to Spot Publisher Click Fraud

Tags: publisher click fraud
Posted in How To | 1 Comment »

What is Google’s Content Bid

Tuesday, January 15th, 2008

I want to spend a few moments talking about a function in Adwords called content bidding and how it can be useful in the fight against click fraud.

What is it?

If you advertise on Google’s content network, the home of the nefarious publisher click fraudsters, you need to understand content bidding.

A content bid allows an advertiser to set a separate price for clicks coming from the content network as opposed to the search results page. Google already reduce the price of content network click from the content network due to their measured lack of quality clicks, but a content bid allows you to go a step further and set the price of a click coming from a syndicated ad site.

Why it is relevant in a click fraud content?

By limiting your costs per click from the content network, you are implementing a control which limits your publisher click fraud risk to a level you are comfortable with. As in all PPC advertising analysis of metrics is key. If you are getting very few conversions reduce your content bid and concentrate on other areas to publish your ads.

The lower the price per click the less attractive you are to a publisher click fraudster, and be sure they have metrics in place to see which ads and keywords generate the most revenue.

I would advise everyone advertising on the content network to investigate content bids and to drastically reduce the amount they pay for content clicks versus search result clicks as the quality of the content click is far lower.

Tags: publisher click fraud
Posted in Features, How To | No Comments »

Baselining to Protect Your Campaigns

Monday, December 17th, 2007

Over a number of posts I am going to discuss the topic of baselining and how it can help to protect your campaigns from Click Fraud

What is Baselining

wikipedia describes baselining as

Baselining is a method for analyzing computer network performance. The method is marked by comparing current performance to a historical metric, or “baseline”. For example, if you measured the performance of a network switch over a period of time, you could use that performance figure as a comparative baseline if you made a configuration change to the switch.

I like to think of it as trending your normal traffic levels. In a click fraud context, if your metrics begin to exceed your baseline in any significant way, it is an indication that all is not well.

Metrics Available

Your web server software will collect a large number of metrics about your visitors behaviour. These include the source IP address of the visitor, the type of browser or user agent they are visting from, time of visit, whether cookies are enabled. The list is quite long. For a full list of the metrics available to you, please review your own log files.

What you should baseline to protect against click fraud

I will detail how to baseline the metrics in details in individual posts, but in summary, I like to baseline

• Bounce Rate
• Click Through Rate
• Time on Site
• Source Country
• Depth of Visit
• Conversion Rate

Google Analytics

The next few posts will be fairly interactive, and I will detail how to baseline the various metrics using Google Analytics. This is a free Analytic tool, whilst I think it has it’s flaws as a click fraud detection tool (I will detail this in the last post in this series), it is freely available and very easy to use. If you would like to work through the posts, please have analytics installed and collecting data in preparation.

In the next post I will dicuss bounce rate.

Tags: Click Fraud
Posted in Features, How To | No Comments »

How to Spot Publisher Click Fraud

Tuesday, November 27th, 2007

In a previous post I gave a definition of publisher click fraud. I would like to expand upon this to give details on how to spot publisher click fraud from Google’s Adsense programme.

Capturing the Metrics

Every click from the content network comes complete with some very valuable information which helps catch the fraudster. This is called the referrer information. To get this information you will need access to an analytic package such as ClickTracks or be able to download your raw web server access logs.

When analysing the data, you should look for a string such as the one shown below.

http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1172774004749&lmt=1188167485&prev_fmts=468×60_as&;format=728×90_as&output=html&correlator=1172774004398&url=http%3A%2F%2Fwww.aminarts.com%2Faug_17_07.htm&color_bg=FFFFFF&colo

This may seem to be so much gibberish, but when it is parsed into more manageable chunks it is far easier to read.

http://pagead2.googlesyndication.com/pagead/ads

client=ca-pub-0558200840132548

&dt=1172774004749

&lmt=1188167485

&prev_fmts=468×60_as

&;format=728×90_as

&output=html

&correlator=1172774004398

&url=http%3A%2F%2Fwww.aminarts.com%2Faug_17_07.htm

&color_bg=FFFFFF&colo

Analyse the Metrics

When we break this down we see the unique publisher ID in the client section e.g ca-pub-0558200840132548 , and further down we can see the URL on which the advert was published. In this case the offending site was www.aminarts.com Please note this is data from a real click fraud attack. Full details of hte incident can be read on Click Fraud- A Story of Intrigue.

So we have the data, we know how to decipher the referrer string. It is now time to try and spot patterns in the data. The first stage is to spot repeated clicks from the same client publisher. This is of course not fraudulent clicks, rather it is the desired action from the content network. We need to correlate this data with repeated clicking from the same source. This is done by capturing the IP address.

The above may seem complicated, but it is relatively easy to do using excel, download your log file and import it into a spreadsheet. I will cover how to do this in a future post, please subscribe via RSS to get updates on future posts. The alternative is to subscribe to a click fraud software solution, these will spot multiple clicks from publishers for your automatically,check the review section of this site for information on the various solutions available.

At this point we have captured repeated clicks from one source address against one publisher, what does an Adwords user do next? Firstly supply the data to Google for a refund, please refer to my article Getting A Refund from Your PPC supplier for details on this. Next I would blocking my ads from thsi site. Consider if this site is giving you any return on your investment, if not, simply exclude the site using hte tools on your adwords account managment page.

campaign managment -> Tools -> Site Exclusion

I also use a belt and braces approach by excluding specific IP addresses from my campaigns to stop ads being displayed to repeate clickers. Again this is done from the tools section of your Adwords management page.

Conclusion

When conducting risk assessment reviews with my clients I ask, what value are you getting from advertising on the content network? Broadcast distribution to all and sundry is often very risky and the clicks are of low quality. If possible ditch these ads or target them more closely. Google now offers site targeting for CPC campaigns. This is where the advertiser can choose a site to display their ads on. It is advisable to choose site you feel you can trust.

Tags: publisher click fraud
Posted in How To | No Comments »

What is a Made For Adsense (MFA) site?

Wednesday, November 14th, 2007

UPDATE: Since this post was first published in October 2007, a statement from Click Forensics suggests that 60% of traffic from MFA sites is click fraud.

Over 60 percent of traffic from parked domains and made for ad sites was click fraud

Google’s Adsense has created an environment where on-line advertising is a commodity to web site owners. Even tiny blogs can advertise multinational corporation’s products without the need for an ad sales team, or embarrassing questions on how pitiful a sites audience is.

The Adsense programme allows website owners to syndicate adverts from the adwords programme and receive a share in the ad revenue when the ads are clicked upon. The more clicks the more income for the site owner.

In recent years an alarming rise has been seen in the made for Adsense or MFA sites. These sites have zero content, rather they are made up of Adsense ads pointing to other websites. The MFA site owner will create an adwords campaign bidding on a high value keywords, an example of this could be home mortgages. If they create a compelling enough Adwords ad, the Google user will click through to see pages of Adsense ads pointing to other legitimate home mortgage sites.

The MFA sites are often cunningly designed so the Google sponsored links look like valid content links, which the user will unintentionally click on, thus generating income for the site owner.

How do these sites have a profitable model? There is a flaw (in my opinion) in the Google algorithm for ad placement which involves max cost per click x click through rate, so if the MFA has a max CPC of 0.25 and the legitimate sites are bidding on 1.00, if the MFA sites has a high click through it will appear above the 1.00 bidder, and if the Google payout is in excess of 0.25, there is the profit.

Is this click fraud? No these site work within, but near to the edge of the Adsense rules. Should these clicks be marked as invalid? In my opinion yes, the low quality of the clicks caused by the deception of the end users tarnishes Google’s business model which is already stained by the high level of click fraud coming from the content network (the network where Adsense resides).

Tags: made for adsense, MFA
Posted in Features, How To | No Comments »

Publisher Click Fraud - A Definition

Tuesday, November 13th, 2007

In a series of articles, I will discuss a particular branch of click fraud known as publisher click fraud.

In previous posts I have discussed competitor click fraud,where companies or individuals competing against you in the PPC rankings click on your ads in an attempt to deplete your daily budget, and hopefully remove your ads from the search engines. Publisher click fraud on the other hand is where webmasters syndicating pay per click ads from suppliers such as Google or Yahoo click on their own ads.

Ad Syndication

Syndication of ads is done by most of the major pay per click suppliers, perhaps the most widely used syndication system is Google’s Adsense program.

Using Adsense, webmasters are able to insert a small piece of code into their websites html and Google will display ads on their behalf. Google spiders or automatically reads the sites to find out it’s subject matter. Adverts are then displayed in context with the content of the website.

If a user of the website clicks on the links, a transaction occurs and the advertiser is charged an agreed amount. Google and the webmaster then take a share of this ad revenue.

The syndication and supply of ads on websites is a very common practice and it helps provide a small additional income to a large number of bloggers (including myself), the problem comes when unscrupulous website owners begin clicking on their own ads in an effort to increase their revenues.

How the fraud occurs

Publisher click fraud can happen in three main fashions:

The first is for the website owner or people he or she knows to repeatedly click on ads displayed on the website. This is probably the most ineffective method as it is widely suggested Google and the other search engines have fgilters in place to capture repeated clicks from the same IP address.

The second method is more technical and it involves the use of clickBots. A clickbot is a computer program controlled by a nefarious individual known as a Bot Herder. The Herder uses vulnerabilities in PC’s to create an army of infected computers which will run a program to click on a particular ad. The low noise level of hundreds (or even thousands) of individual IP addresses means this will probably go undetected by automatic filters
Thousands of clicks will occur, and generate substantial income. I reviewed Google’s analysis of a clickbot known as ClickBot.A, and Google state that attacks of this type can generate six figure incomes.

The last method of publisher click attack is via a click farm. Using this method, a small amount of money if paid to staff in the developing world to click on a link and pause on the target site, click on a few links, even sign up for a newsletter in the hope that the activity will appear to be that of a legitimate user. Each of these clicks on a link generate income, as long as the outgoings to the low paid worker are less than the click value, there is profit to be made.

How Much Fraud Happens

It is my opinion that there is a large amount of publisher click fraud happening, I was the subject of an attack whilst publishing Adwords ad on the content network, and Click Forensics, the publisher of the click fraud index have analysed the problem and suggest the percentage of clicks from the Adsense content network is in the 20s percent.

The average click fraud rate of PPC advertisements appearing on search engine content networks, including Google AdSense and the Yahoo Publisher Network, was 28.1 percent in Q3 2007. That’s up from 25.6 percent for Q2 2007, 21.9 percent for Q1 2007 and 19.2 percent for Q4 of 2006.

In the next post in this series, I will discuss How to Spot Publisher Click Fraud

Tags: publisher click fraud
Posted in Features, How To | No Comments »

Publisher Click Fraud - Video Guide

Monday, November 12th, 2007

In this video post, I present a video guide to understanding publisher click fraud

(Note video opens in a new windows)

View the video>>

Tags: publisher click fraud
Posted in Features, How To | No Comments »

How To Stop Competitor Click Fraud

Wednesday, October 24th, 2007

In the first two part of the series on competitor click fraud I created a definition of competitor click fraud, then went on to discuss how to spot competitor click fraud, now I will talk about how you can stop those pesky competitors clicks.

The most valuable piece of information you will have collected during your investigation into competitor fraud is the domain details of your competition. Using a service such as whois.org it is possible to do a reverse lookup of the domain name to get the IP address range of the company. Alternatively, the domain will be masked and you will already have a suspect IP address.

Equipped with the IP address head off to your PPC supplier and exclude the IP address from being able to access your ads. This stops your competitor dead in their tracks by not displaying your ad to any computer with the IP address (or range of addresses) you supply.

Using the belt and braces approach I then go on to ensure no competitors are able to display my ads on their domains by adding their name to my excluded list with regards to content network displays from Google.

So up to this point we have excluded machines from seeing our ads, the next point is to tell-tales. Make a report to Google about your findings, stating explicitly that you believe you have been the subject of a competitor fraud, refer to my article Getting a refund from your PPC supplier for details contacting the search engines.

The above points should be more than enough to stop competitor clicks, your only recourse if they keep attacking you is to contact your local legal team for a cease and desist letter. This will only work if your competitor is in the same jurisdiction as yourself. This of course may force the company to more underhand and alarming click fraud attacks through ClickBots or click farms.

I advise most people who are the subject of click fraud to look into one of the inexpensive click fraud monitoring solutions. They help to identify invalid clicks much more easily and provide a wealth of evidence to give to the search engines for your refund. Make it a matter of course to create a monthly report for fee refunds.

Tags: Competitor Click Fraud
Posted in Features, How To | No Comments »