Click Fraud Detection and Prevention

Advertserve Updates

What is Click Fraud?

There are many possible causes and sources of fraudulent clicks. In most cases
they’re not actually performed by humans. Sure, you might have bitter
competitors clicking on each others ads here and there, but computer generated
traffic is really the major concern here. The proliferation of ad exchanges and
programmatic buying and selling has opened the door for bad guys to use various
stealth techniques such as botnets or a distributed network of compromised
servers to generate fake impressions and clicks. If the potential profits are
high enough for them they might even purchase cheap cloud servers from smaller
providers all around the world to generate their traffic.

Collaborative Blacklist

The first step to detecting click fraud is actually to prevent it from occurring
in the first place. AdvertServe employs a collaborative blacklist that combines
data from our own research, third-party researchers and feedback collected from
our customers. The blacklist stops your ads from even being served to the bad
guys, so it not only prevents click fraud but impression fraud as well!

This is all happening in real-time too. If we or one of our customers detects
some fraudulent activity we can respond and push out a blacklist update to all
of our customers instantly. Now that’s what we call being pro-active. It’s the
only way to stay ahead of the bad guys because they’re constantly switching
hosts, bouncing through different proxies and improving their methods.

How You Can Help

How can you help prevent impression and click fraud you might ask? Well, actually,
we’ve made it really easy for you to help out. Upon logging in to your AdvertServe
account you might some day happen to see a warning like the one in the following
screen shot.

Click Fraud Detection Notification on the Home Screen

What should you do? The first thing you should do is take a deep breath and
don’t panic
because the situation isn’t bad at all. On the contrary, it’s
your chance to join in and help fight back!

  1. First things first, click on the click here link to bring up the
    Click Fraud Review Tool screen, which you can also access by going to
    Tools > Fraud > Review from the main toolbar at any time.
  2. What you’ll see will look like the following screen shot where we have 10
    suspicious clicks to review.
    Click Fraud Review Tool
  3. The first thing you should notice is that these clicks all came from the same
    IP address. This is the most common indicator of fraudulent activity. In fact,
    the rank column shows the number of clicks for each given IP address to make this
    easier to see.
  4. Now, if you click on the IP address it will run an extended scan that checks
    against some huge blacklists that we don’t include in our automated blacklist.
    Blacklist Query Tool
  5. Then if you still aren’t sure you can click on the Whois Lookup and see who owns the
    network range this IP address falls into. In this case the IP address was assigned to Global Crossing.
    They are a large-scale bandwidth provider. The IP address was sub-leased by them to an enterprise
    software company, which probably has some type of robot/spider running on their servers that generated
    these clicks. That or their server was compromised and it’s participating in a botnet.
    Whois Report
  6. Take a step back and look at the UUID, which is the unique user ID that we
    store in a cookie for each visitor. Notice each click has a different UUID.
    This tells me that the bot in this case is not sophisticated enough to send
    and receive cookies.
  7. The next thing you want to look at is language. Many lazy bad guys forget to specify
    an Accept-Language header in their bots. In such cases the language will
    be detected as unknown so watch out for that.
  8. The we have the User-Agent, which identifies the operating system and web browser
    that supposedly performed the click. Now let’s look at this one here. We got
    clicks from visitors using IE 4 and IE 5 on Windows 95 and 98? Seriously, this is 2014
    and NOBODY is using those any more. Why the bad guys continue to use garbage like this
    for their fake User-Agent’s is beyond me, but it sure makes our job easier so I’m not
  9. Finally, we have the referrer and in this case we can see all of the bad clicks
    came through AppNexus’s ad exchange. No surprise there. Seriously, the majority
    of bad stuff you’re going to see will come through an exchange.
  10. So, if you agree with me that these clicks look fraudulent, select all of them and
    then press the Delete Selected button. It will take a little time to delete
    them. The reports may also take a little longer to update, so don’t panic if you
    don’t immediately see the changes reflected in your reports.

False Positives

Once in a while we might detect some clicks as fraudulent that we shouldn’t have, but it’s pretty rare
since we only have a 0.57% false positive rate on average.

Most commonly these are clicks by you or some of your employees testing ads on your live web site.
There’s an easy fix for that. Simply go to Settings > Basic > Server and enter
your IP addresses into the Filtering section so your clicks aren’t counted.

Some mobile traffic may get detected as fraudulent if too many users behind the same proxy
are clicking ads around the same time. While this is rare it does happen. You can tell
when this happens because all of the User-Agent’s will be different mobile devices. Of
course, check the whois reports too and they’ll usually say AT&T or Verizon owns that IP
network range.

Final Thoughts

We hope that you never get hit with click fraud and we’re doing everything we possibly
can with our blacklist to ensure that. If you do get hit with some activity, hopefully
you’re now a little more prepared to deal with it. As always though, if you need our help
sorting it out just let us know!

Start Your Free Trial

Interested in giving AdvertServe a spin? Check out our demo page take a look at our interface and get an overview of the ad management process. When you’re ready, sign up for your free 30 day trial¬†

Great Server, Better Support!

AdvertServe provides world class support and allows all the functionality of the top adservers in the market. We have used and do work within many of the largest servers on the market, and advertserve easily holds its own.

Bill W.