Clickbombing And Click Fraud
We see changes made to the earnings in our AdSense account on a regular basis. Sometimes it comes in the form of an adjustment while they’re trying to finalize our earnings for the previous month, but it also happens much more frequently than that.
There have been days where I’ve refreshed the page only to see that our earnings have actually gone down in the last hour and not up. Sometimes I’ll see that a site had 10 clicks averaging $0.45 per click only to get discounted to $0.20 per click a few minutes later. We’ve even seen sites with 2 pageviews and 9 clicks, only to see later in the day that those clicks mysteriously vanished.
Google has a responsibility to protect their advertisers from clicks that aren’t likely to convert. While this may cause some AdSense publishers to moan and groan, it actually helps us to maintain a positive, profitable relationship with the advertisers…which is good for everyone.
Reasons For Discounted Or Removed Clicks
- Potential Customer Backs Out Quickly – If they click through the advertisement and back out before the page has even loaded, that’s probably not the best potential customer for an advertiser and they probably shouldn’t be charged for that lead.
- Unusual Amount Of Clicks From Potential Customers – You may have a visitor looking to get off the site that ends up clicking here there and everywhere to exit the site. If this person has an extraordinarily high amount of clicks for that visit, you may find the earnings discounted or the clicks removed completely.
- Automated Clicks – It could be some sketchy traffic play the publisher is using or it could be (innocently) some automated crawl bot that’s clicking on the ads. Either way, you’ll want Google to discount these clicks as they’re not really valuable to anyone.
- Clickbombing – A manual or automated process that will go to your site and click through your advertisements at an extremely high rate. This can be through the use of software, proxies, etc. or manually from a group of others looking to cause you harm.
#1 and #2 above happen on a regular basis and is usually the cause for fluctuation in our earnings, but it’s #3 and #4 that you should be concerned about as publishers. While there are some AdSense alternatives, protecting your account should be a priority for AdSense publishers and recognizing a clickbomb attack as it’s happening is one of the ways to do that.
Checking For Clickbombing
The other day, Joe and I both noticed an extraordinary amount of traffic heading towards one of our sites. The first thing we did was take a quick look inside Analytics:
Wow! Here’s a look at the AdSense earnings that day:
Not bad, right? The problem is this…that kind of traffic and earnings is extraordinary for this site…well outside the range of what we would consider normal. We’ve had something happen like this to some friends of ours. Here’s what their Analytics looked like:
Uh-oh…not good, right? Next step is to do some deep diving on our traffic sources. Here’s a side-by-side comparison between their site that was truly clickbombed (left) and ours (right):
Well that’s a good sign for us…most of our traffic is organic and came through search while the other site had 99% of their traffic hit the site directly. The next step is to take a look at the search terms that are bringing in the traffic:
Great. So it appears that a huge majority of our traffic to this niche site came from the primary keyword, with some variations and secondaries as well. That’s a good sign, but is it reasonable? I ended up checking the rankings for this site for the primary keyword and it appears it made it to the #1 position on Google. Awesome! As a final check, though, I wanted to see exactly where the traffic to this site is coming from in Google Analytics. Let’s again compare a site that was truly clickbombed (left) to ours (right):
The site that was clickbombed had a ton of traffic from Russia, Brazil, Columbia, etc. That’s a sign that the system doing the clickbombing was using proxies and varying their IP’s to come from different countries. As a final check, I wanted to see what states our traffic was coming from:
The traffic to our site looks pretty typical…sweet! Ultimately, we determined our site was not dealing with a clickbomb attack. Our CTR was high for the site, but in line with some of our better performing sites. Our best guess was that there was some sort of advertising campaign on Labor Day that might have drawn a ton of people to search for that particular item and find our site in the #1 position. We’re not entirely sure, but that seems like a fairly plausible answer.
5 Signs You May Have Been Clickbombed
- Extraordinary Amount Of Traffic – If your site has jumped from 20 visitors per day to 2,000 in one day that might be a sign you’re getting clickbombed. The best thing to do is to dig into your analytics and try to find a reasonable answer as to why you’re getting the traffic. (Did a high-traffic site just link to you? Was your site mentioned in the press? Did your site just significantly improve in the rankings?)
- Extremely High CTR – If an extraordinary amount of your traffic is clicking on your ads that may be a sign you’re under attack. Not every visitor to your site is going to be interested in the advertisements on the page…did that just change dramatically?
- Traffic From Random Countries – If most of your traffic is coming from the US and then, all of the sudden, you see a huge spike in traffic overall and traffic from other countries, that’s a likely sign that an automated program is using proxies to access your site.
- Extremely Short Visit Duration – Niche sites don’t usually have a very long visit duration, but did that just drop to under 10 seconds with thousands of visitors? Are most of those visitors clicking on your advertisements? That’s not a good sign…
- More Clicks Than Pageviews – Google usually detects this and discounts it automatically. You may find this if you have an upset competitor looking to get you in trouble.
How To Respond To A Clickbombing Attack
I wouldn’t recommend taking these steps for every little odd click you get in your account, but if you find yourself the victim of a major clickbombing attack, here’s what we would recommend:
- Block Ads On The Site – AdSense has a feature that lets you choose which sites are allowed to display your AdSense advertisements. By changing this to NOT allow the site under attack to display advertisements this will protect the site. (We’d recommend this over trying to block IP’s…if they’re using proxies they can simply overwhelm you with new IP’s over and over again) You can find this under Account Settings > Access and Authorization in your AdSense account.
- Report Attack To Google – Google’s pretty good at catching a few mistaken clicks here and there, but a larger attack should be reported. You can use the contact form found here.
- Check And Report On The AdSense Forum – You can read about the experiences of others or post your own question and ask for help from some of the Top Contributors.
There’s no guarantee going through this process will save your account, but it will show that you were pro-active about protecting your advertisers from fraudulent clicks.
Thanks goes out to our friends John Paul and Matt from LifestyleBusinessDesign.com for allowing us to highlight their data from the clickbombing attack in this post.
Have you been a victim of clickbombing? What would you do if this were to happen to you? Let us know in the comments below!