Immunizing your site against click fraud

Transcript

  • 1. Immunizing your site against Click Fraud
    How to monitor and prevent excessive ad clicks
    -- Srikanth Bangalore.
    Bangalore.srikanth@gmail.com
    Drupal ID: bangalos
  • 2. The Scenario:
    You have signed up with Google AdSense.
    Google asks you to paste the following somewhere in your page:
    <div id="googlehorizontalad2">
      <script type="text/javascript"><!--
      google_ad_client = "pub-2457397907088834";
      /* Footer Ad */
      google_ad_slot = "1589389617";
      google_ad_width = 728;
      google_ad_height = 90;
      //-->
      </script>
      <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script>
    </div>
    You paste it in the footer (block) of all your Drupal pages.
    You also sometimes show it on the right.
  • 3. Paranoid: Refresh page on Browser Back
    Include the following in page.tpl.php:
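    </head><body>
    <input type="hidden" id="refreshed" value="no">
    <script type="text/javascript">
    // The browser restores the hidden field's value when the page is reached
    // via Back, so "yes" here means the page came from history: reload it.
    addLoadEvent(refresheverytime);
    function refresheverytime() {
      var e = document.getElementById("refreshed");
      if (e.value == "no") {
        e.value = "yes";
      } else {
        e.value = "no";
        location.replace(location.href);
      }
    }
    </script>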
  • 4. Strategy for detecting ad clicks
    Identify all iframes for the ads and associate an event handler function with each of them:
    onfocus (implies left click) = AdsenseClickX3X;
    onmouseover = DoMouseOverX3X;
    onmouseout = DoMouseOutX3X;
    Associate with the window:
    window.onbeforeunload = PageUnloadX3X;
    Definitions:
    function DoMouseOverX3X() { InIframeX3X = 1; }
    function DoMouseOutX3X() { InIframeX3X = 0; }
    function PageUnloadX3X() { // check for right click
      if (InIframeX3X) {
        AdsenseClickX3X();
        InIframeX3X = 0;
      }
    }
  • 5. The JavaScript code (addLoadEvent is a custom function that appends the event to the list of onload functions):
    addLoadEvent(SriInitialize);
    var InIframeX3X = 0;       // 1 while the mouse pointer is over an ad iframe
    var DetectedClickX3X = 0;  // 1 once a click has been reported for this page
    function SriInitialize() {
      if (document.getElementsByTagName || document.body.all) {
        var iframelist;
        if (document.getElementsByTagName)
          iframelist = document.body.getElementsByTagName('IFRAME');
        else
          iframelist = document.body.all.tags('IFRAME');
        for (var c = 0; c < iframelist.length; c++) {
          // Attach the handlers only to iframes that serve the ads.
          //if (iframelist[c].src.indexOf('googlesyndication.com') != -1) {
          if (iframelist[c].src.indexOf('googleads.g.doubleclick.net') != -1) {
            iframelist[c].onfocus = AdsenseClickX3X;
            iframelist[c].onmouseover = DoMouseOverX3X;
            iframelist[c].onmouseout = DoMouseOutX3X;
          }
        }
      }
    }
    window.onbeforeunload = PageUnloadX3X;
  • 6. What to do on click?
    Fire a GET request (by trying to load an image):
    function AdsenseClickX3X() {
      if (!DetectedClickX3X) {
        DetectedClickX3X = 1;  // report at most one click per page load
        //alert ('AdsenseClick');
        trackerimg = new Image();
        trackerimg.src = 'adsenselock.php?t=1';
      }
    }
  • 7. Track the $_GET['t'] events (ad clicks) and page views.
    // Note: $sessid and $affiliate are interpolated into the SQL strings below;
    // they must be escaped or validated before this point.
    $xsql = "SELECT * FROM $sri_dbtable2 WHERE sessid='" . $sessid . "'";
    $result = mysql_query ($xsql);
    if ($result && mysql_num_rows($result) == 1) {
      // Existing session row: bump either the ad-click or the page counter.
      $sri_dbrecord = mysql_fetch_array ($result);
      $pages = $sri_dbrecord ['pages'];
      $adclicks = $sri_dbrecord ['adclicks'];
      if (!empty($_GET['t'])) {
        $adclicks ++;
      } else {
        $pages++;
      }
      $xsql = "UPDATE $sri_dbtable2 SET pages=$pages, adclicks=$adclicks, utime=$curtime WHERE sessid='$sessid'";
      mysql_query ($xsql);
    } else {
      // First request of this session: create the row.
      $pages = 1;
      $adclicks = 0;
      if (!empty($_GET['t'])) $adclicks = 1;
      $xsql = "INSERT INTO $sri_dbtable2 VALUES ('$sessid', $userid, $pages, $adclicks, '$affiliate', $curtime, $curtime)";
      mysql_query ($xsql);
    }
    /////////////FINISHED GLOBAL INCREMENT////////////
  • 8. $blockads = 0;
    $blockadsPartially = 0;
    $refresh = 0;
    $ipaddr_int = ip2long ($_SERVER['REMOTE_ADDR']);
    // appendcookie() is not shown; whatever it returns is interpolated into the SQL below.
    $ipaddr = appendcookie($ipaddr_int);
    $curtime = time();
    $expired = $curtime - $trackhours * 3600;
    $xsql = "SELECT * FROM $sri_dbtable WHERE ipaddr='$ipaddr'";
    $result = mysql_query ($xsql);
    if ($result && mysql_num_rows($result) == 1) {
      $sri_dbrecord = mysql_fetch_array ($result);
      $utime = $sri_dbrecord ['utime'];
      $pages = $sri_dbrecord ['pages'];
      $adclicks = $sri_dbrecord ['adclicks'];
      // Last activity is older than the tracking window: start counting again.
      if ($utime < $expired) {
        $pages = 0;
        $adclicks = 0;
      }
      if (!empty($_GET['t'])) {
        $adclicks ++;
        //if ($adclicks >= $maxadclicks) $pages = $pageviews;
      } else {
        if ($pages < $pageviews + 2) $pages ++;
      }
      $xsql = "UPDATE $sri_dbtable SET utime=$curtime, pages=$pages, adclicks=$adclicks WHERE ipaddr='$ipaddr'";
      mysql_query ($xsql);
      // Decide what the rest of the page should do with the ads.
      if ($pages == $pageviews + 1) $refresh = 1;
      if ($pages > $pageviews || $adclicks >= $maxadclicks+1) $blockads = 1;
      if ($pages > $pageviews || $adclicks >= $maxadclicks) $blockadsPartially = 1;
    } else {
      // First request from this visitor: create the row.
      $pages = 1;
      $adclicks = 0;
      if (!empty($_GET['t'])) $adclicks = 1;
      $xsql = "INSERT INTO $sri_dbtable VALUES ('$ipaddr', $curtime, $pages, $adclicks)";
      mysql_query ($xsql);
    }
    // Tracking requests (the image load from slide 6) need no page output.
    if (!empty($_GET['t'])) exit();
  • 9. Ad Replacement (sort of outside of Drupal)
    adsenselock.php:
    if ($blockads)
      ob_start ("ReplaceAds");
    else if ($blockadsPartially)
      ob_start ("ReplaceAdsPartially");
    else if ($maxadclicks < 100)
      ob_start ("InsertTracking");
    page.tpl.php:
    <?php require_once 'adsenselock.php'; ?> </head>
    … </body> <?php ob_end_flush(); ?>
  • 10. adsenselock.php itself
    It is ugly, long and unreadable.
    Sorry!
    Opening the raw file …
    Making it available online.
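
The per-visitor counting from slides 7 and 8, rewritten with bound parameters instead of SQL string interpolation, as an added example that is not part of the original deck or of adsenselock.php. The table name `adtrack`, the function `track_hit`, the limits in `$cfg` and the in-memory SQLite database are assumptions made so it runs stand-alone with PDO.

```php
<?php
// Added example: slide 8's counter logic using PDO prepared statements.
function track_hit(PDO $db, string $ipKey, bool $isAdClick, int $now, array $cfg): array
{
    $expired = $now - $cfg['trackhours'] * 3600;
    $db->beginTransaction();   // keep the read-modify-write of one hit together
    $sel = $db->prepare('SELECT utime, pages, adclicks FROM adtrack WHERE ipaddr = ?');
    $sel->execute([$ipKey]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    $flags = ['blockads' => false, 'blockadsPartially' => false, 'refresh' => false];
    if ($row === false) {
        // First hit from this visitor: values are bound, never interpolated.
        $ins = $db->prepare('INSERT INTO adtrack (ipaddr, utime, pages, adclicks) VALUES (?, ?, ?, ?)');
        $ins->execute([$ipKey, $now, 1, $isAdClick ? 1 : 0]);
    } else {
        $pages = (int) $row['pages'];
        $adclicks = (int) $row['adclicks'];
        if ((int) $row['utime'] < $expired) {
            [$pages, $adclicks] = [0, 0];   // tracking window elapsed: start over
        }
        if ($isAdClick) {
            $adclicks++;
        } elseif ($pages < $cfg['pageviews'] + 2) {
            $pages++;
        }
        $upd = $db->prepare('UPDATE adtrack SET utime = ?, pages = ?, adclicks = ? WHERE ipaddr = ?');
        $upd->execute([$now, $pages, $adclicks, $ipKey]);
        $flags['refresh'] = ($pages === $cfg['pageviews'] + 1);
        $flags['blockads'] = ($pages > $cfg['pageviews'] || $adclicks >= $cfg['maxadclicks'] + 1);
        $flags['blockadsPartially'] = ($pages > $cfg['pageviews'] || $adclicks >= $cfg['maxadclicks']);
    }
    $db->commit();
    return $flags;
}

// Constructed demo data: in-memory SQLite and made-up limits.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE adtrack (ipaddr TEXT PRIMARY KEY, utime INTEGER, pages INTEGER, adclicks INTEGER)');
$cfg = ['trackhours' => 24, 'pageviews' => 50, 'maxadclicks' => 2];
$key = "3232235777'x";   // constructed visitor key; the quote stays inert as a bound value
$t = 1700000000;
track_hit($db, $key, false, $t, $cfg);                    // page view
track_hit($db, $key, true, $t + 10, $cfg);                // first ad click
var_dump(track_hit($db, $key, true, $t + 20, $cfg));      // second ad click
var_dump(track_hit($db, $key, true, $t + 30, $cfg));      // third ad click
var_dump(track_hit($db, $key, false, $t + 90000, $cfg));  // page view 25 hours later
```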