The price of pay-per-click is eternal vigilance

Alright, I'm paraphrasing that famous quote, “The price is vigilance is eternal vigilance” (commonly attributed to Thomas Jefferson, but he didn't actually phrase it that way), but an email I received yesterday asked me some good questions about pay-per-click advertising and click fraud:

Do you know if there is anything that a site owner can do to prevent their sites being attacked by a spider or application designed to purposely click on their Google ads?
It just strikes me that in order to stay with Google you need to be either very lucky not to be attacked or else proactive in defending your site against such an attack.

Is there anything we AdSense publishers can do to prevent click fraud? Not specifically, no. All we can do, really, is watch our earnings summaries and server logs for unusual patterns and tell Google about them if we think our sites have been used for click fraud. Sometimes it's pretty obvious, as I reported recently in my blog about the automated
click fraud that was occurring on my site, where someone was fetching my home page every 20 seconds from different machines and clicking on ads (I assume on a competitor's ad) every second or third time. (Though I'm perplexed as to why they'd do it so noticeably… like you don't think a new, small site like Make Easy Money with Google wouldn't notice this kind of thing? And yes, I'm still in discussions with Google, trying to help them track it down.) Small-time click fraud is much harder to track and avoid, I think, and I'm not sure there's much you can do there. But this is why Google's AdSense program policies specifically forbid you from encouraging visitors to click ads.

The letter continues:

For example is there any way that the robots.txt file can be used to block out spiders which have proven to be malicious?

The answer is “no”, for the robots.txt file. The robots.txt file is not something that can be enforced, it's like good behavior in polite society. A well-behaving, legitimate crawler will look for and obey the instructions in your robots.txt file, a misbehaving crawler won't.

I think that it would be useful to compile a list of sites which are being used to launch such attacks and share this list with the general Google Adsense community.

I would imagine that Google maintains its own list of “banned” sites whose clicks don't count. The problem with these lists, of course, is that legitimate IP addresses can be used by the click fraud artists, either through IP spoofing or by using the machine as a zombie process.

Is this being too simplistic?

No! These are good things to be thinking about. Though there's not much you can do about click fraud on an individual basis, together we and Google (and, presumably, Yahoo! once it comes out of beta with its pay-per-click system) can work together to minimize the problem.

In the end, though, it's the advertisers that will make the ultimate call. If pay-per-click advertising doesn't work because of click fraud, they'll go looking for alternatives. This is why Google and Yahoo! are so interested in combating click fraud — they don't want to lose those revenue streams!

Comments