Get exclusive CAP network offers from top brands

View CAP Offers

Reply To: ppc search engines

[bsa_pro_ad_space id=2]
#655363
Anonymous
Inactive

There are two types of common click fraud; the first is what’s been discussed as PTR programs, where an affiliate of the PPC search engines organizes a member base and pays them to click their links, and the other is automated bots. Your question is about the bots, so…

Click bots are pretty simple little programs designed to follow paid links without being spotted. They usually run behind proxy servers and rotate spoofed user_agents to avoid detection, but they can still be spotted.

Below are some log entries from a non-casino site I run (please do not visit the referring site and start clicking, you’ll only be costing an honest site owner money and supporting the thieves). I’ve blacked out my IP, highlighted the remote IP in blue and the user_agent in red and disabled the link to the referrer.

The remote IP represents the visitor’s host and the red, what software is requesting the page (usually their browser). This bot is running through a proxy, so the remote IP changes. It is also using a series of user_agents to appear more human.

I spotted this one because the visitor didn’t request any files other than the source code. A real web browser would read the source and then request all of the files referred to, including images, style sheets javascript files, etc. Most of these bots don’t…

I’m still waiting to hear back from the PPC as to whether this particular marketing partner (and the list of about 10 others I sent) gets the boot. I’m not holding my breath.

2004-09-21 01:00:24 164.100.17.17 – xxx.xxx.xxx.xxx 80 GET /index.php adid=27578 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) forsearch.net/?qq=credit+and+debt+counseling

2004-09-21 04:23:14 209.7.107.31 – xxx.xxx.xxx.xxx 80 GET /index.php adid=27578 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+MyIE2) forsearch.net/?qq=consumer+debt+consolidation

2004-09-21 08:36:13 24.6.221.243 – xxx.xxx.xxx.xxx 80 GET /index.php adid=27578 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) forsearch.net/?qq=credit+card+debt+consolidate

2004-09-21 12:18:39 80.121.233.206 – xxx.xxx.xxx.xxx 80 GET /index.php adid=27578 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)+Opera+7.23++[fr] forsearch.net/?qq=credit+card+debt+consolidate

I hope this helps. :)