Baselining - Bouce Rate

Thursday, December 20th, 2007

In a continuing series about base lining, I discuss Bounce Rate.

What is Bounce Rate?

Bounce rate is a metric which describes a users activity when they visit your site. If a person clicks though from an ad, or search engine result and immediately leaves your site, without looking at other pages, they have bounced. It is the aim of sites to have as low a bounce rate as possible. This means they are engaging with your content. A highly desirable thing for search engine marketers.

The Google Analytic Bounce Rate

As mentioned in Baselining to Protect Your Campaigns I suggested you should install and begin collecting data using Google analytics. This free tool collects and presents a large number of useful analytics.

The benefit of using Google Analytics is the fact that bounce rate is presented by default on the front page, and no complex analysis of time on site and depth of visit is required.

Why Baseline Bounce Rate

As mention bounce rate is an analysis of a users activity when you visit a site. The profile of a click fraudster is someone who will click through on your ad, and immediately leave.

This is especially true of bot activity and publisher click fraud where the main point is to click on as many ads as possible leave a site as soon as possible.

What to Baseline

You should be aware of your normal bounce rate. Mine is currently in the range of 43%. You should monitor and perhaps plot your bounce rate using analytics. If you see a sharp increase in bounce rate, this should make you ask questions. What have you done? Is there a change to your site? If not, and it is business as usual, you should start investigating your logs files in depth. I will discuss this in much more detail in another post in this series.

Caveat

Bounce rate should be used with other metrics to judge if your campaigns are at risk. The reason people are using click farms is to imitate a real user visiting your sites, clicking through to multiple pages, and perhaps adding a

Previous Posts In This Series

• Baselining to Protect Your Campaigns

Tags: Click Fraud
Posted in Features | No Comments »

Baselining to Protect Your Campaigns

Monday, December 17th, 2007

Over a number of posts I am going to discuss the topic of baselining and how it can help to protect your campaigns from Click Fraud

What is Baselining

wikipedia describes baselining as

Baselining is a method for analyzing computer network performance. The method is marked by comparing current performance to a historical metric, or “baseline”. For example, if you measured the performance of a network switch over a period of time, you could use that performance figure as a comparative baseline if you made a configuration change to the switch.

I like to think of it as trending your normal traffic levels. In a click fraud context, if your metrics begin to exceed your baseline in any significant way, it is an indication that all is not well.

Metrics Available

Your web server software will collect a large number of metrics about your visitors behaviour. These include the source IP address of the visitor, the type of browser or user agent they are visting from, time of visit, whether cookies are enabled. The list is quite long. For a full list of the metrics available to you, please review your own log files.

What you should baseline to protect against click fraud

I will detail how to baseline the metrics in details in individual posts, but in summary, I like to baseline

• Bounce Rate
• Click Through Rate
• Time on Site
• Source Country
• Depth of Visit
• Conversion Rate

Google Analytics

The next few posts will be fairly interactive, and I will detail how to baseline the various metrics using Google Analytics. This is a free Analytic tool, whilst I think it has it’s flaws as a click fraud detection tool (I will detail this in the last post in this series), it is freely available and very easy to use. If you would like to work through the posts, please have analytics installed and collecting data in preparation.

In the next post I will dicuss bounce rate.

Tags: Click Fraud
Posted in Features, How To | No Comments »

5 Optimisation Tips to Reduce Click Fraud

Wednesday, December 12th, 2007

The following list shows 5 key tips on how a pay per click campaign can be optimised against click fraud and hopefully improve your ROI.

1) Identify your keyword competitors and bar them access to your ads

Reason - competitor click fraud is done by companies bidding on the same keywords as you. If you know who they are, and stop them at source, they cannot attack you.

2) Geo-target your ads to where most of your conversions originate from and avoid the high risk countries.

Reason - Certain countries are more likely to be the source of click farm attacks directly at your ads or through MFA sites. Only display your ads in countries producing an ROI.

3) If the content network only provides low quality clicks with few conversions dump the content network

Reason - A high amount of click fraud comes from the content network, in fact it is the bastion of publisher click fraud.

4) Timezone target your ads

Reason - In the same way you should only display your ads in locations where there are conversions, only display your ads at times when conversions happen. If it is midnight in your time zone it may be business time for the click farm.

5)The higher the price the higher the risk of click fraud. Using standard PPC optimisation techniques spend your money on specific cheaper keywords rather than expensive (and more at risk of publisher click fraud) keywords.

Reason - Publisher click fraud will target more lucrative keywords. Using cheaper alternatives will act as a deterrent. Caveat, I have had click fraud attacks on 1 cent content network ads, so this does not always work.

Tags: Click Fraud
Posted in Features, News | No Comments »

Anchor Intelligence Causes a Stir at Techcrunch

Monday, December 10th, 2007

A-List blog Techcrunch has published details about a Palo Alto Click fraud company called Anchor Intelligence.

Their offering is one of the increasing number of tools aimed at the PPC supplier rather than an end user in an effort to stop click fraud at source.

Techcrunch is a blog about Web 2.0 startups and in particular the site discusses venture capital funding.

The story is fairly run of the mill, the thing which makes me comment on it are the comments by the Techcrunch readers. There is some pretty strong language and a large amount of bashing of the click fraud community. What sparked this was (I think) the statement that click fraud was in the high 20%.

Full details can be seen at TechCrunch

Tags: Click Fraud
Posted in News | No Comments »

Sick Blogging A Lister Commits Click Fraud

Friday, November 30th, 2007

A-List blogging celebrity Darren Rowse, author of the prestigious blog ProBlogger.Net shocked the entire world to it’s core today by committing and writing about click fraud !!!

Doddgy moustached Rowse (87) an Australian (say no more) commited numerous heinous acts of click fraud in an attempt to expose inconsistencies with the adsense programme. So how did he test his hypothesis - yes he clicked on the ads with no intention of giving the advertiser a sale or action. That’s click fraud in my book!!

ONLY JOKING, it just gives me a chance to be a tabloid journalist for a few minutes.

What Mr Rowse (not 87) is doing is highlighting the inconsitencies in the recently announced reduction in the click area. I discussed this in a news items entitled Google Tighten Adsense Ads in an Attempt to Reduce Unintentional Click Fraud.

Darren talks about how the Premier partners in the Adsense programme including Google’s own Gmail, Engadget and About.Com are not subjected to the reduced area and possibly reduced click through create by this change. Full details of his shock expose (there I go again) can be seen at ProBlogger.

On another note if the sites which were ruthlessly attacked by Darren want help to identify the fraudulent clicks, please contact me

Tags: Click Fraud
Posted in News | 1 Comment »

Tell the Invisible Man I Cannot See Him Today!

Thursday, November 29th, 2007

In this post I would like to discuss the lack of visibility Google supplies to it’s customers of incidents of invalid clicks.

Big G are not alone in their lack of visibility , but they are the worst offenders in my opinion.

What is the Problem?

There is no breakdown of where a click comes from, if it is valid, and if the Google filters have marked it as invalid. Google have grudgingly provided some information but definitely not enough.

We know how many click we have had, and which keyword is providing those clicks, but not where they originate from. Here is an example where this may be very important. You have seen a surge in clicks, and if you were able to see that the clicks were coming from a competitors domain name, this would set red lights flashing.

Another recent information release from Google was the invalid click report. This is an account or campaign level report and it shows how many clicks have been marked as invalid but again not where they come from. An example of where referrer information would be invaluable would be to show which domain clicks are coming from if you use the content network. This then gives a site you can exclude from your campaigns.

Phone Bill of Clicks

If you phone provider sent you an invoice for a large amount, you would expect to have an itemised bill with which you could balance your costs against the numbers you rang.

There is no equivalent with your click fraud costs. What I would like to see is the ability to analyse your clicks in the following format:

Keyword, Cost of click, Date and Time, IP details

This would allow analysis and optimisation of your campaign to stop clicks before they result in fraudulent attacks.

Industry Call to Action

I am not alone in the belief that he search engines should be more open with our data. The Click Quality Council are advocating the same message I am highlighting today

Search providers should provide advertisers detailed referrer information on all traffic that is billed.

Why All The Secrecy?

Google states technical reasons and confidentiality of their click fraud filters as the reason why they do not supply this information to all of it’s customers. They reckon that the sheer amount of data involved would be too difficult to report to the end user. Google has the data, it must to cross check clicks when people apply for refunds.

I understand that the unscrupulous could attempt to reverse engineer how a filter works and produce attacks which circumvent their protection techniques, but people are doing thsi now with low noise click bots.

Whenever there is a lack of visibility people automatically reach for the conspiracy theory button. “They won’t tell us because their filters are useless” or “They don’t want us to see the real level of the problem because it will hit their bottom line so badly”.

Conclusion

Google needs to regain our trust and come clean about what it and what are not invalid clicks, and provide us a complete list of what we are paying for and who is clicking on our ads.

Tags: Click Fraud
Posted in Features | No Comments »

It’s Click Fraud Class Action Time Again

Tuesday, November 27th, 2007

This time it is 2nd tier pay per click company Miva which is making lawyers in the US rub their greasy palms together.

The same company has lead actions for click fraud against a veritable who’s who of pay per click:

• Yahoo ,Overture Services, Inc.
• Time Warner
• America Online
• Netscape Communications Corporation
• Ask Jeeves, Inc
• Go.com
• Google
• Lycos, Inc.
• Looksmart, LTD
• Findwhat.com,

The settlement of the action has not been disclosed.
Full details of the story can be seen at http://www.lawyersandsettlements.com

Tags: Click Fraud
Posted in News | No Comments »

What Are Google’s Invalid Click Filters?

Monday, November 5th, 2007

Google has stated that it has multiple layers of invalid click detection. These layers are know as filters. These filters are, of course, kept confidential by Google to deter fraudsters from developing work-arounds. Using the Tuzhilin Report as my source, I discuss how I think the layers work.

Pre-Filtering

A number of clicks are pre-filtered before they hit the main filtering process. This is because they are know to be invalid at source and should not be charged for. Examples of these pre-filters are clicks coming from Google IP addresses. There is a function of all Adwords accounts to click on an Ad to test it works okay for example to ensure the landing page is valid. These types of clicks are pre-filters, are not chargeable and as a result are not passed to the filtering process.

Online Filters

Google run all clicks through what I call a rules engine. Each click is evaluated against a particular rule, if it fails, it is marked as invalid, and the click is not passed through to the billing process. There are multiple rules and the click must pass all of these rules before it becomes chargeable. What the filters are can only be guessed at, but it has been documented that a double click on an ad is one of the filters.

There is a finite number of rules which can be run on-line before the rules engine become a bottle neck, and the investment in technology to support this becomes too great. Therefore a number of offline filters are also employed.

Off-Line Filters

Once a click has passed through the on-line filters, it is marked as valid and a cost is charged to the advertisers account. This is not the last level of filtering. Offline filters are applied to the “click database” to query for and detect more complex types of invalid click.

Again the actual workings of the offline filters are confidential, but I suspect these are statistical analysis of the body of data on a user’s accounts. An example could be the analysis of trends such as low level noise clicks from a clickbotA or spotting anomalies on an account i.e. normal click trend is 9 - 5 local time, but a large number of new clicks are happening between 22:00 - 05:00. This is hypothetical to show the type of analysis I think occurs.

Off-Line filters come in two formats proactive and reactive. Proactive are automated resulting in credits to the advertisers account without their intervention, these tend to be done via code. Reactive off-line filters are started at the request of an advertiser after they have detected an issue (see Getting a Refund From Your PPC provider for details on how to start a request). These type of filters will be manual and a member of the click quality team will perform a review of activity and apply credits to the advertisers account if they detect any invalid clicks not already captured by automated filters.

Iterative Approach to New Filters

Development of new filters is an iterative process, as new methods of click fraud are detected i.e. new clickbots with new modus operandi,new filters will be added and inserted into the filter layers at the appropriate point.

Conclusion

Google’s implementation of the filters is not transparent so we never know if the filter are working correctly, or what they are detecting until we see credits applied to our adwords accounts. I have been the subject of click fraud attacks which appear to be very simple and yet I was granted credits to my account when I requested an invalid click investigation. This makes me believe that the sensitivity of many of the filters is set incorrectly and invalid clicks are missed. This is why I advise companies to invest in click fraud monitoring software and implement their own filtering.

Tags: Click Fraud
Posted in Features | 1 Comment »

Click Fraud - A Story of Intrigue

Friday, October 19th, 2007

The transcript of this click fraud investigation reads like the story from a spy novel, agents in Somalia were posing as legitimate users from Amsterdam attacking the secretive operation in England, or was is double agents based in Somalia attacking the political dissident. This was not the plot line from the latest Le Carre novel, rather it is the story of a click fraud attack I was subject to. In this post I will document the whole story from detection, to reporting and ending up at a follow up visit to the culprits website.

The events in this story are all true, and happened during September 2007, the name have NOT been changed to protect the guilty.

During September I was running an Adwords campaign to drive traffic to this blog, the campaign was bidding on click fraud related keywords and had a relatively low max cost per click of 0.25 (GBP). The campaign was running worldwide with no time zone limitation and it was also running on the content network. All of the points noted are against much of the anti-click fraud advice I give, probably because I was keen to capture a real click fraud attempt with my newly installed click fraud software.

Sure enough, not long after the campaign was launched, I began to receive repeated clicks from a number of IP addresses which were registered to an Amsterdam address. I am happy to say that my click fraud software works and I began receiving e-mail alerts.

Interested in who was attacking me, I went to whois.org and performed a lookup against an IP address. The offending address whois lookup is shown below:

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 193.0.0.0 - 193.255.255.255
CIDR: 193.0.0.0/8
NetName: RIPE-CBLK
NetHandle: NET-193-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 1992-08-12
Updated: 2005-08-03

I THEN QUERIED THE RIPE DATABASE

inetnum:         193.219.242.0 - 193.219.242.255

netname:         GTC-NET-SO descr:

Golis Telecommunication country:

SO admin-c:         YMA6-RIPE

tech-c:          YMA6-RIPE

status:          ASSIGNED PA 

remarks:         --------------

remarks:         T-IP-20040728

remarks:         --------------

mnt-by:          TAIDE-NOC

source:          RIPE # Filtered

person:          Yahye Mohamud Ahmed

address:         Bosaso,

Somalia phone:           +252 5 722002

phone:           +252 5 822016

fax-no:          +252 5 822011

e-mail:          yahye@golis.net

e-mail:          meecad@hotmail.com

nic-hdl:         YMA6-RIPE source:

RIPE # Filtered

Upon further investigation, I noticed in the refer information of all the attacks were coming from a single Adsense account and website. From this I made the deduction:

1) That someone trying to boost their Adsense earnings was clicking on their own links.

2) In a much more interesting turn of events, to add to the intrigue of this whole story I like to think that the website owner was being attacked as the site, which is based in Somalia, was showing political cartoons alongside Adsense and other banner ads. Some dark agents of the Somalian government were clicking on this dissidents links to cut of his or her income which was being used to fuel anti-government propaganda (always the conspiracy theorist I go for this possibility :-))

The Adsense account ID is ca-pub-0558200840132548 and the offending website is www.aminarts.com

I collected the appropriate information and lodged an invalid click investigation from the form at Google, in a previous post I have documented getting a refund from your PPC supplier, check that out for more details.

I provided the following to Google, please note the actual report was much longer, and has been abridged for clarity

TO: Google Adwords Support,

My name is Neil Matthews. My account ID is xxx-xxx-xxxx.
I would like to report the following suspicious activity that I
have detected during 09/2007.

In particular I am seeing a lot of problems emanating from an Amsterdam IP address via www.aminarts.com
using Adsense ID ca-pub-0558200840132548

===============================
IP ADDRESS: 193.219.242.40
===============================
Number Of Suspicious Clicks: 22
Time Of The First Click: September 18, 2007, 1:45 pm
Time Of The Last Click: September 22, 2007, 2:15 am
Referring URL:
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=946656542941&lmt=1189488293&prev_fmts=468×60_as&;
format=728×90_as&output=html&correlator=946656541359&url=http%3A%2F%2Fwww.aminarts.com%2Fsep_7_07.htm&color_bg=FFFFFF&color_t
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1190210567593&lmt=1187337021&prev_fmts=468×60_as&;
format=468×60_as&output=html&correlator=1190210566484&url=http%3A%2F%2Fwww.aminarts.com%2Faug_12_2007.htm&color_bg=FFFFFF&co
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1190176577359&lmt=1186642883&prev_fmts=468×60_as&;
format=468×60_as&output=html&correlator=1190176577328&url=http%3A%2F%2Fwww.aminarts.com%2Faug_6_2007.htm&color_bg=FFFFFF&col
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1171908513015&lmt=1186130281&prev_fmts=468×60_as&;
format=728×90_as&output=html&correlator=1171908512937&url=http%3A%2F%2Fwww.aminarts.com%2Faug_2_2007.htm&color_bg=FFFFFF&col
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1190224766859&lmt=1186133881&prev_fmts=468×60_as&;
format=728×90_as&output=html&correlator=1190224766812&url=http%3A%2F%2Fwww.aminarts.com%2Faug_2_2007.htm&color_bg=FFFFFF&col
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1190228742765&lmt=1186133878&prev_fmts=468×60_as&
format=728×90_as&output=html&correlator=1190228742640&url=http%3A%2F%2Fwww.aminarts.com%2Faug_1_2007.htm&color_bg=FFFFFF&col
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1190234317156&lmt=1190174273&prev_fmts=468×60_as&
format=728×90_as&output=html&correlator=1190234317140&url=http%3A%2F%2Fwww.aminarts.com%2Fsep_15_2007.htm&color_bg=FFFFFF&co
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1190256870736&lmt=1190174273&prev_fmts=468×60_as&;
format=728×90_as&output=html&correlator=1190256870666&url=http%3A%2F%2Fwww.aminarts.com%2Fsep_15_2007.htm&color_bg=FFFFFF&co
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1190262102421&lmt=1190013894&prev_fmts=468×60_as&f;
ormat=234×60_as&output=html&correlator=1190262102343&url=http%3A%2F%2Fwww.aminarts.com%2Fgolis_new.htm&color_bg=FFFFFF&colo
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1041461065515&lmt=1186130281&format=468×60_as&output=html&correlator=1041461065484&url=http%3A%2F%2Fwww.aminarts.com%2Faug_2_2007.htm&color_bg=CCFFFF&color_text=000000&color
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1041461286484&lmt=1187333424&format=468×60_as&output=html&correlator=1041461286437&url=http%3A%2F%2Fwww.aminarts.com%2Faug_15_2007.htm&color_bg=CCFFFF&color_text=000000&colo
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1041461425031&lmt=1187333424&prev_fmts=468×60_as&;
format=728×90_as&output=html&correlator=1041461424765&url=http%3A%2F%2Fwww.aminarts.com%2Faug_15_2007.htm&color_bg=FFFFFF&co
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1041461425031&lmt=1187333424&prev_fmts=468×60_as&;
format=728×90_as&output=html&correlator=1041461424765&url=http%3A%2F%2Fwww.aminarts.com%2Faug_15_2007.htm&color_bg=FFFFFF&co
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1041461562718&lmt=1187890854&format=468×60_as&output=html&correlator=1041461562718&url=http%3A%2F%2Fwww.aminarts.com%2Faug_19_07.htm&color_bg=CCFFFF&color_text=000000&color_
http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0558200840132548&dt=1172774004749&lmt=1188167485&prev_fmts=468×60_as&;
format=728×90_as&output=html&correlator=1172774004398&url=http%3A%2F%2Fwww.aminarts.com%2Faug_17_07.htm&color_bg=FFFFFF&colo

THE REPORT GOES ON BUT HAS BEEN CUT SHORT FOR CLARITYI then sat down to wait. The expected reply in three working days did not arrive, I was not until 4th October that the following reply was received from the Googleplex:

Hello Neil,
We received your report regarding suspicious clicks from IP address
193.219.242.40. Thank you for your patience while we researched this
issue.
It appears that the activity you noticed was a result of invalid clicks
your ads received on a site in our content network. Thank you for bringing
this issue to our attention.
You should receive a credit to your AdWords account within a few weeks for
any charges for clicks we believe were invalid. Please also know that this
site’s AdSense account has been disabled and the publisher will not be
allowed further participation in the Google Network.
We strive to upgrade our detection mechanisms to pro-actively combat
invalid click activity. Thank you for your assistance with our
investigation. We apologise for any inconvenience.
Sincerely,
Andrew
The Google Ad Traffic Quality Team

In previous reports to Google they are quick to say that their filters have captured the clicks and that I have not been charged for them, but in this reply there is no mention of capture, from this I assume the filters did not capture the problem. I was awarded a refund of 24.96 (GBP). This is not an earth shaking click fraud, but in context to my monthly adwords spend of approximately 200 (GBP) this is a substantial percentage.

During the writing of this article, I revisted www.aminarts.com and I was glad to see they were no longer running Adsense ads.

In conclusion to this post, I would like to add that it is highly unlikely that I would spot a click fraud attempt like this without the use of click fraud monitoring software. The monthly charge of the click fraud monitoring software would easily be covered by refunds like mine.

Tags: Click Fraud
Posted in Features | 3 Comments »

The Tell Tale Signs of Click Fraud

Monday, October 15th, 2007

Here is the scenario, your business is running a pay per click campaign and you become suspicious that all is not as it should be. Could you be a victim of click fraud?

Once you think you have a problem it is time to “look under the hood” with your analytic tools.

The first tell tale you will notice is a lower return on investment. In a healthy pay per click campaign, your return on investment will be fairly consistent. ROI is calculated as click through/conversions. If your click through rate increases with no corresponding increase in conversions be suspicious.

Once your suspicions have been increased, another metric to investigate is the bounce rate of your visitors. Bounce rate is the analysis of user activity on your site. If a click through results in a view of the landing page then person leaves without viewing other pages this is a warning, and if you are trending your bounce rate, a sudden increase should set off warning bells.

A companion indicator of bounce rate to monitor is time on site. If users are coming to your site and departing within a few seconds, either your content has changed significantly and is repelling your target audience or something untoward is happening.

The key thing to analyse is the IP address of your visitors. If you are getting repeated clicks from the same address and if that address is located in high risk country such as India, Russia, Indonesia or Ghana then you can confidently say you have been attacked.

What do I do next? The answer is simple refer to my post Getting a click fraud refund from your ppc provider and report your suspicions to your click fraud provider.

Tags: Click Fraud
Posted in Features | No Comments »