The Truth – Adsense Click Fraud Can NOT be Stopped

Your probably reading this article because you use Google
Adwords to bring traffic to your website, or your a click
fraudster yourself, wanting to see what kind of information I
have for you. Most of you click fraudsters will think that I
have no idea what I am talking about, and that I do not know
your methods. Well, trust me buddy, I KNOW ALL ABOUT YOU AND
WHAT YOU DO.

If you are new to the click fraud scene, here is an example:

1. Scumbag puts Google Adsense ads on his website.

2. The scumbag then proceeds to cheat Google Adsense by creating
false clickthroughs and impressions, in return earning him a
pretty nice profit, because he isn’t even working on his
website, just generating false traffic.

All of you people that run campaigns through Google Adwords are
thinking, “This guy has no idea what he is talking about, Google
has everything under control and they even state so publicly!”

WOW! What kind of pay per click company would admit that they DO
NOT have click fraud under control? I wonder what would happen
to their business immediately following that statement.

Estimates say that nearly 20% of all clicks for Adsense are
illegitimate. In my honest opinion I believe this number to be
around 30-35% from some of the things I have seen.

Alrite, now the big question, how are they doing it?

There are a number of ways that people are cheating, including
the ‘click groups’ from India that click on your ads for you and
create big pay checks as long as you pay them their $0.50 an
hour so they can buy bread for their family.

But I’m going to show you the technical way that Google Adsense
is cheated, not poor people clicking ads. I’m talking about
extremely smart programmers that create hitbots to cheat
Adsense. And, NO, I’m not talking about that piece of garbage
‘CACA’ or Clicking Agent that you find on Google. I am talking
about PRIVATE programs and scripts that are only used by private
groups.

How do these scripts get away undetected you ask?

Simple, let’s actually take a look at Google’s click fraud
protection (This is what I have summed up, I seriously don’t
believe they have anything other protection because people are
still cheating using these methods as you read this article.)

If you actually take a look at Google’s Adsense code when it is
on your webpage you will find the URL that is used to retrieve
ads. (Right-Clck your ad Iframe and click ‘View Page
Information’ or something similar.)

Here is an example of the URL that you will find:

http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-252
1202633232871&dt=1124847235453&lmt=1124631699&format=468×60_as&ou
tput=html&url=http%3A%2F%2Fwww.yoursite.com%2F&color_bg=ECF8FF&co
lor_text=000000&color_link=0033FF&color_url=0033FF&color_border=D
DAAAA&cc=59&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=-240
&u_java=true

Now let’s decode this up a little bit, shall we?

client=ca-pub-2521202633232871 – Your client code, this tells
Google who to assign the click-through money to.

dt=1124847235453 – Javascript, if you use the command
google_date = new Date(); document.write(google_date.getTime())
— Which generates 1124847235453.

This shows you the number of milliseconds since midnite January
1, 1970. This is what seems to be Google’s biggest automated
proxy clicker fraud prevention. Doesn’t seem too hard to
generate with 2 lines of code now does it?

lmt=1124631699 – The last time your webpage was updated. LMT
stands for Last Modified Time, pretty easy Javascript to
generate this one too – document.write(document.lastModified);
— Which generates 1124631699.

(Notice I’m skipping a bunch, that’s because they are just
showing the type of ad, colors, and size that you are using.)

cc=59 – Seems to be some random number based on the screen
width, height, and color scheme. I’ve seen this number go from
20 all the way up to 400. I’m sure they don’t use this to
reliably track click fraud.

u_h=768 – Height of your screen settings.

u_w=1024 – Width of your screen settings.

u_ah=738 – Your available screen height.

u_aw=1024 – Your available screen width.

u_cd=32 – Color scheme on windows, e.g. 32-bit.

u_tz=-240 – Your monitor refresh rate or something else that
isn’t important, I’ve never seen it not -240.

u_java=true – Just seeing if you have java enabled.

There are some other variables that are sometimes in the URL
such as ‘u_his=’ this means how many pages you have visited
since you started up your browser. There’s also some MIME type
checks and how many plugins you have installed, but these
variables come up very rarely. I think they are only meant for
Netscape/Firefox browsers.

Now that we have ‘decoded’ the supposed unbeatable Google
Adsense code, what do you think about click fraud? You still
think it is rare?

After randomizing all the data and sending an automated query to
their Adsense URL, all the scumbag has to do is parse out all of
Google’s click URL’s and click one of them, giving him a click
through. This can all be easily faked with even a Visual Basic
program. A newbie programmer could in-fact cheat Google Adsense
without much knowledge.

Alrite you say, they beat the javascript code detection but
doesn’t Google use cookies so they can’t do this?

No, Google does not use cookies for Adsense.

Well what about IP-tracking? Someone can’t have that many
proxies!

There are click groups that leave these programs running on
their computer. They each randomly click each other’s URL’s
automatically. The person running the program doesn’t even have
to do anything, but he is still contributing to the success of
their group and himself.

Does that sound too far-fetched? I am telling you that there are
click groups that do this now and have been since the old
Linkshare PPC days in 1999. Yes, if you were an advertiser on
Linkshare back around 1999-2002, you got RAPED.

And that isn’t all. I have read on the internet that there is
currently over 100,000 people infected in the United States
alone with trojan proxy servers. These proxy servers run on
random ports so that Google can’t just do a simple port 8080 or
80 check on it to see if it’s a proxy. The majority of these
proxy servers are used for credit card fraud, but a lot of them
are also used to cheat Google Adsense and other pay per click
programs. These proxies are at-home users that look like normal
dial-up, cable, and dsl users from all across the world, but
mainly United States. There is NO WAY to prove that they are a
proxy.

Random User-Agent strings is another tactic that is often used
by click fraudsters. This makes Google think that a lot of
different browsers are clicking the links, just keeping them
further from finding out the truth.

On a side note, you may be thinking that the new Yahoo! pay per
click program may be the way to go. I checked into their
protection and guess what? They are only using ONE of Google’s
protections and that is the Javascript GetTime. They are still
in Beta though and this may change, but who knows?

To the cheaters: The benefits of cheating are short. Eventually
you will be caught for what you are doing and maybe even sued by
Google. There is a ton of money to be made legally with Adsense
and I suggest that you stop cheating. Who am I to tell you to
stop? I use to be one of you! Back when I was 13-14 I was making
programs like the ones you guys are using now. You guys probably
used one of my programs at one time. I am happy to say that
those days of mine are all in the past now, and I am making a
good amount of money LEGALLY with Adsense and other affiliate
programs. Work hard guys and you will reap the benefits 100
times what you make cheating.

To the advertisers: You people that use Google Adwords now see
that it is actually not very hard to cheat you out of your
money, so be careful and MAKE SURE that you use a click fraud
protection script such as ClickDefense. To lower most of your
click fraud, just don’t put your ads in the Content Network,
only stay on Google’s sponsored search results. Only Google gets
paid when someone clicks the search results sponsored ads and
nobody wants to cheat to make Google anymore money do they?
Check the stock, it’s currently at 279.58 a share.

To summarize my article I just want to state that no one should
use this information for cheating Adsense and I am not
responsible for your actions if you choose to do so. You will be
caught because Google will evolve and get smarter, eventually.

Joseph Tierney is 2005 high school graduate, internet marketer,
and surfer. He runs the Auction Fraud
Protection website – http://www.stopauctionfraud.com