RJM62
Touchdown! Greaser!
- Joined
- Jun 15, 2007
- Messages
- 13,157
- Location
- Upstate New York
- Display Name
Display name:
Geek on the Hill
I'm working on revising and improving a script I wrote a while ago to detect suspicious clicks on Adwords ads (and eventually other PPC ads) that look like attempts by competitors to deplete the ad budget and/or or increase ad costs. This problem seems to be getting worse. Depleting competitors' ad budgets apparently has become something of a cottage industry.
Typically, I've found that Google's own anti-fraud measures find only about half of the suspicious clicks. However, when confronted with detailed records of the ones they missed, they will issue credits. So I'm thinking about selling my click-tracking script as a service.
The script resides on the landing site's server, and basically waits for incoming clicks from Adwords. It records the information about the clicks to a database, and then analyzes the database for suspicious patterns when requested.
My question is: How shall I define suspicious clicks?
At present my I define the following as suspicious:
1. Multiple clicks from the same IP address, that are more than 1 sec apart (to accommodate sub-genius users who double-click on ads).
2. Clicks from IPs currently on Project Honeypot's HTTP blacklist.
3. Sequential clicks on the same ad, on the same page, from different IPs assigned to the same host, or from IPs that fail gethostbyaddr(IP), when the clicks are less than 60 seconds apart.
4. Clicks from IPs already found to be engaging in fraudulent clicking within the past 90 days.
Still working on: If the advertiser has the "Target using physical location" option selected, then any clicks from outside the defined physical location.
Any other suggestions?
Thanks,
-Rich
Typically, I've found that Google's own anti-fraud measures find only about half of the suspicious clicks. However, when confronted with detailed records of the ones they missed, they will issue credits. So I'm thinking about selling my click-tracking script as a service.
The script resides on the landing site's server, and basically waits for incoming clicks from Adwords. It records the information about the clicks to a database, and then analyzes the database for suspicious patterns when requested.
My question is: How shall I define suspicious clicks?
At present my I define the following as suspicious:
1. Multiple clicks from the same IP address, that are more than 1 sec apart (to accommodate sub-genius users who double-click on ads).
2. Clicks from IPs currently on Project Honeypot's HTTP blacklist.
3. Sequential clicks on the same ad, on the same page, from different IPs assigned to the same host, or from IPs that fail gethostbyaddr(IP), when the clicks are less than 60 seconds apart.
4. Clicks from IPs already found to be engaging in fraudulent clicking within the past 90 days.
Still working on: If the advertiser has the "Target using physical location" option selected, then any clicks from outside the defined physical location.
Any other suggestions?
Thanks,
-Rich