Click Fraud Crap

by Jeremy Schoemaker on October 22, 2006 · 41 comments

I keep seeing a new story every day about how the paid search placement is UBER F00ked because of all this click fraud…. Whatever…. I am pretty newb to this whole ppc game. I just started about jan/feb of this year but I learned very quickly how to generate my own fraud reports and submit them to the ppc engines. Every-time I have been refunded for the fraudulent clicks.

What do I do ? Its not really rocket science… I take a hash of the users ip and browser agent and store that into a database along with the timestamp they clicked. Then at the end of the month I generate the report of duplicate hashes over X amount (sometimes this is 10k or more duplicate/fraud clicks). I then send a summary report to all the ppc engines respectively and attached is a complete log.

I think GOOGLE/YAHOO/MSN CLICK FRAUD sells a lot of papers and it might be going on but they do everything in there power to stop it and also refund you. As long as you provide them with the information.

I know many of you are probably thinking well SURE WE DO ALL THE WORK FOR THEM…. well that is a good point and I dont really have a answer for that. Perhaps someday we could get the big 3 PPC engines to work together on a single reporting standard for fraud clicks where we all can just submit our reports the way they want them.

full disclosure

About the author...

– who has written 2895 posts on

Jeremy "ShoeMoney" Schoemaker is the founder & CEO of the ShoeMoney Blog, Elite Retreat Internet Conference, & the PAR Program. In 2013 Jeremy released his #1 Amazon Best selling Autobiography titled "Nothing's Changed But My Change" - The ShoeMoney Story. Jeremy currently lives in Lincoln Nebraska with his wife and 2 daughters.

Justin recommends you check out these amazing posts:

  1. trump-youre-fired How To Fire Someone
  2. Add to Cart Button Split Testing with a Genetic Algorithm
  3. linkcontrol debut Linkcontrol Unveil at Affiliate Summit West 2011 (SEMI NSFW)


1 rage

What do you mean you are new to this ppc game?

2 skore

Sure but why should we do all the work for them? ;)

3 graywolf

So if they are willing to give you the refund that must mean they are able to verify and agree with your findings … which begs the question why haven’t they put a similar solution in place …

4 Hone Watson

Well I think its pretty obvious why they haven’t put a similar solution in place.

So Shoe… could you elaborate on your click fraud report system? I’d be willing to pay for your click fraud report system and I bet plenty of other people would too.

I’ve tried submitting various click fraud reports of my own but so far it hasn’t worked.

5 ShoeMoney

ppc has been around since the 90′s as I said in my post I have only been doing it since jan/feb and only spending a decent amount since the 40,000$ experiment last spring

6 ShoeMoney

I would make a free webbased tool but then people would have to upload there apache logs and I dont think people would want to do that and also those logs are way to big

7 Soj

google should build this into their analytics system, would tie everything all together quite nicely.

8 Hone Watson

Well what if you sold that tool so that people could host it on their own servers in a secure area?

9 corey

why should google do all the work. they should pay shoemoney to do it for them.

10 Daily Newspapers

What kind of off the shelf PPC click fraud software is everyone using? I have crap raw stats from my Webprovider!

11 Anthony Shapley

Is that a flying pig? I don’t see them teaming up, over this nor anything else.

12 mad4

Is somebody clicking the same advert twice click fraud? How long would the period between clicks have to be for the clicks not to be deemed fraudulent?

13 AndyRed

All of the main search engine have procedures in place to automatically detect; and hence don’t charge to your account. How long would the period between before being deemed fraudulent is quite subjective and is not naturally no revealed by the engines; however you can gain some more understanding of the procedure and how it works – by reading this – Google’s Approach to Detecting Invalid Clicks & What is Missing in Google Filters

14 SEOEgghead


What we don’t know is how many of the clicks were refunded even before the report. Can you give us a before/after #, or a percentage discount? I totally believe that you’ve gotten 10k garbage clicks. But if you actually got charged for more than 30-40 of them, I’d be extremely scared.

Your method will also filter out some legit clicks. But who cares? I’ll implement this right away. Let _them_ prove that more than 10 clicks a month from an IP/UA combo is legit.

This is just a way to keep Google on their toes. Even if they don’t agree with this simple heuristic for finding fraudulent clicks, you’ll get a discount regardless.

Brilliant idea Shoe.


15 Mykel79

So Shoe, you have to keep a month’s worth of logs so you can submit them to the search engines if needed? How many terabytes does THAT take up?:)

16 Art

Wow, just wow. I’ve been puzzling over the past few days about the perfect solution to minimizing loss from clickfraud. So after reading your post I was inspired enough to write a tool to analyze old Apache logs for multiple G/Y/M clicks from the same IP addresses to cover clickfraud from the past. Funnily enough, there were massive amounts of clicks from user agents like “Playstation Portable” :S

Now I’m working on a similar DB/monthly report implementation to monitor things from now on in.

Cheers for the great ideas Shoe! That post came at the PERFECT time I was musing over ideas.

17 Art

On that note – is there any reason you chose to use hashes instead of the IPs outright?

18 Bulbboy

Good to know that they refund the money.
I’ve seen a few people write that they think G just keeps the money to line its own pockets.
I guess the respond favourably to someone informing them in a logical and ordered fashion.

19 Brian Turner

Sounds like you’ve got a valuable set of business tools in a market increasingly demanding them. :)

If you didn’t want to distribute them yourself I wouldn’t be surprised if some of the PPC management companies would love to licence that sort of project from you.

Also, apologies for the typo on MySpace – Show=Shoe. Late night. :)

20 brandomir

What are you constituting as a fraudulent click Shoe?

- How many clicks from the same IP do you tolerate?
- What if an IP just clicks on 1 or 2 different keywords, that is fairly legit no?

Also…question for Art.

Art, can you talk a bit more about why user agent is important? Do you think fraudsters are using things like PSP to generate the clicks thinking they will go unnoticed? Or, could’t those clicks in fact be legit?


21 Ken Savage

I drop a few modest $1000′s a month on ppc and would benefit greatly on something I can host myself to prevent or even find click fraud on my own sites. I would appreciate any help with your solution Jeremy or anyone else’s.

22 dillsmack

You hash the IP and the agent together.

23 ShoeMoney

maybe someday I will sell tools. I put it on the “things to do someday list”

24 ShoeMoney

I do a hash of the browser + ip so that its a little more acurate then just doing ips (incase of proxies) then anything over the threashhold (currently 750 per month) I spit out on a report.

25 ShoeMoney

I do not submit them but I do make them web accessable user/password protected. Yahoo is the only company I have ever seen actually download them. MSN and Google just refund.

26 ShoeMoney

Hi –

I answerd this from someone else above –

I do a hash of the browser + ip so that its a little more acurate then just doing ips (incase of proxies) then anything over the threashhold (currently 750 per month) I spit out on a report.

27 ROIGuy


It sounds like you have a decent method for identifying potentially duplicate clicks from your logs. I am curious how much you actually generated in refunds from that list.

Your approach does not begin to address the issue of invalid click network an other scams.

I always tell my clients to avoid content matching and syndicated search networks, because the ROI is generally much lower. Yahoo’s “relevancy problem” for their CPC ads it really a result of the inability to prevent you ad from displaying throughout their distribution channel.

28 Grant

How do you submit them to google? Do you have a personal rep or do you just email them through the feedback link on the adwords page?

29 Jeremy Palmer

The conspiratorial side of me thinks in small part the media is motivated to write about click fraud to push advertisers back to their own dying advertising models. I agree with your thoughts – click fraud is over hyped. Sure it’s a problem, but it can be managed.

What are your thoughts on botnets? Multiple PC’s infected with a click virus hitting your website from thousands of IP’s would be hard to detect with a simple hash.

30 Andrew Johnson

If you guys are lazy just try a hosted solution like adwatcher.

I don’t think clickfraud is a serious problem with G/Y/MSN. All of these stories involve people who aren’t paying any attention to their logs and then all of the sudden figure out something isn’t right. Its the third tier engines where the fraud is a problem. Unfortunately for the clickfraud consultants, no one cares if they start talking about site no one has ever heard of.

31 abeals

Stupid question of the day . . .

Define Hash: when you say you take a hash of their IP and browser.

32 Art

I was thinking that, but then the proxy clickers can be modified to have a random User Agent each time they click, giving wildy varying hashes.

33 Jamie

He means he takes the IP address and the browser name and does an md5 hash of it. If I’m wrong I’ll be corrected.

34 Stuart

Shoe -

The click fraud detection you are using will catch the obvious stuff, which, for the most part, engines are getting better at catching. It won’t, however, do any good against the more sophisticated bot-based programs that use 1000′s of compromised PC’s to generate fraudulent clicks against networks of MFA sites. Google “clickbot.a” or “KMeth Worm” for more. These approaches will use multiple IP’s to generate clicks from different systems with different browser names. Impossible to detect. You will only see declining conversion. Simple answer? Watch contextual ads carefully or avoid them altogether and stick with mainline search.

35 Sam

I read your article and it looks very interesting, it never crossed my mind that google will actually accept an individuals complain and agree for retribution.

I want to pursue this matter now, and I was wondering whether you can provide me with a little more details about the technical aspects of the report submission.

1. At what point do you consider a clicker as fraud, how many times does he have to click to be considered fraud.

2. Considering a certain threshold has been establish, do you include any click to any keyword, or only if its repeating within the same keyword.

3. What amount do you request back, avg cost of that keyword for that timeframe?

4. And last but not least, what about non aggressive clickers, lets say a particular user clicked 5 times, would you request back 4 out of the 5?

Your response, and hands on experience on this matter will be greatly appreciated, and I’m looking forward to share your expertise on this matter.

36 Tony

we would never trust ppc service.

37 John

PPC advertise would get traffic or not but affilates and ppc service owner will make money by fraud example google adsense they are billionaires.

38 wildbluff_matt

How much money did this end up saving you each month? Sounds like it might have been a very good ROI for the time spent putting together the report.

Previous post:

Next post: