Immunizing your site against click fraud


Published in: Technology

  1. Immunizing your site against Click Fraud

     How to monitor and prevent excessive ad clicks

     -- Srikanth Bangalore
     Bangalore.srikanth@gmail.com
     Drupal ID: bangalos

  2. The Scenario

     You have signed up with Google AdSense. Google asks you to paste the following somewhere in your page:

     ```html
     <div id="googlehorizontalad2">
       <script type="text/javascript"><!--
         google_ad_client = "pub-2457397907088834";
         /* Footer Ad */
         google_ad_slot = "1589389617";
         google_ad_width = 728;
         google_ad_height = 90;
       //-->
       </script>
       <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
     </div>
     ```

     You paste it in the footer (block) of all your Drupal pages. You also sometimes show it on the right.

  3. Paranoid: Refresh page on Browser Back

     Include the following in page.tpl.php:

     ```html
     </head><body>
     <input type="hidden" id="refreshed" value="no">
     <script type="text/javascript">
       addLoadEvent(refresheverytime);
       // Browsers restore form field values when a page is revisited via Back.
       // A fresh load sees "no" and flips it to "yes"; a restored page sees "yes"
       // and forces a reload so that the page view is counted again.
       function refresheverytime() {
         var e = document.getElementById("refreshed");
         if (e.value == "no") e.value = "yes";
         else { e.value = "no"; location.replace(location.href); }
       }
     </script>
     ```

  4. Strategy for detecting ad clicks

     Identify all IFrames for the ads and associate with each of them an event handler function:

     - OnFocus (implies left click) = AdsenseClickX3X
     - OnMouseOver = DoMouseOverX3X
     - OnMouseOut = DoMouseOutX3X

     Associate with the window:

     - window.onbeforeunload = PageUnloadX3X

     Definitions:

     ```javascript
     function DoMouseOverX3X() { InIframeX3X = 1; }
     function DoMouseOutX3X() { InIframeX3X = 0; }
     function PageUnloadX3X() { // check for right click.
       if (InIframeX3X) {
         AdsenseClickX3X();
         InIframeX3X = 0;
       }
     }
     ```

  5. The JavaScript code (addLoadEvent is a custom function to append the event to the list of on-load functions)

     ```javascript
     addLoadEvent(SriInitialize);
     var InIframeX3X = 0;       // 1 while the mouse pointer is over an ad iframe
     var DetectedClickX3X = 0;  // 1 once a click has been reported for this page

     function SriInitialize() {
       if (document.getElementsByTagName || document.body.all) {
         var iframelist;
         if (document.getElementsByTagName)
           iframelist = document.body.getElementsByTagName('IFRAME');
         else
           iframelist = document.body.all.tags('IFRAME');
         for (var c = 0; c < iframelist.length; c++) {
           // Attach the handlers only to iframes that serve the ads.
           //if (iframelist[c].src.indexOf('googlesyndication.com') != -1) {
           if (iframelist[c].src.indexOf('googleads.g.doubleclick.net') != -1) {
             iframelist[c].onfocus = AdsenseClickX3X;
             iframelist[c].onmouseover = DoMouseOverX3X;
             iframelist[c].onmouseout = DoMouseOutX3X;
           }
         }
       }
     }
     window.onbeforeunload = PageUnloadX3X;
     ```

  6. What to do on click?

     Fire a GET event (by trying to load an image):

     ```javascript
     function AdsenseClickX3X() {
       if (!DetectedClickX3X) {
         DetectedClickX3X = 1;  // report at most one click per page load
         //alert('AdsenseClick');
         trackerimg = new Image();
         trackerimg.src = 'adsenselock.php?t=1';
       }
     }
     ```

  7. Track the `$_GET['t']` events (ad clicks) and page views.

     ```php
     // Per-session totals. The mysql_* functions used here were removed in PHP 7,
     // and every value is interpolated directly into the SQL text, so $sessid and
     // $affiliate must already be escaped before they reach this point.
     $xsql = "SELECT * FROM $sri_dbtable2 WHERE sessid='" . $sessid . "'";
     $result = mysql_query($xsql);
     if ($result && mysql_num_rows($result) == 1) {
         $sri_dbrecord = mysql_fetch_array($result);
         $pages = $sri_dbrecord['pages'];
         $adclicks = $sri_dbrecord['adclicks'];
         if (!empty($_GET['t'])) {
             $adclicks++;   // request came from the tracking image
         } else {
             $pages++;      // ordinary page view
         }
         $xsql = "UPDATE $sri_dbtable2 SET pages=$pages, adclicks=$adclicks, utime=$curtime WHERE sessid='$sessid'";
         mysql_query($xsql);
     } else {
         $pages = 1;
         $adclicks = 0;
         if (!empty($_GET['t'])) $adclicks = 1;
         $xsql = "INSERT INTO $sri_dbtable2 VALUES ('$sessid', $userid, $pages, $adclicks, '$affiliate', $curtime, $curtime)";
         mysql_query($xsql);
     }
     /////////////FINISHED GLOBAL INCREMENT////////////
     ```

  8.
     ```php
     // Per-client counters, keyed by the value appendcookie() builds from the IP address.
     $blockads = 0;
     $blockadsPartially = 0;
     $refresh = 0;
     $ipaddr_int = ip2long($_SERVER['REMOTE_ADDR']);
     $ipaddr = appendcookie($ipaddr_int);
     $curtime = time();
     $expired = $curtime - $trackhours * 3600;
     $xsql = "SELECT * FROM $sri_dbtable WHERE ipaddr='$ipaddr'";
     $result = mysql_query($xsql);
     if ($result && mysql_num_rows($result) == 1) {
         $sri_dbrecord = mysql_fetch_array($result);
         $utime = $sri_dbrecord['utime'];
         $pages = $sri_dbrecord['pages'];
         $adclicks = $sri_dbrecord['adclicks'];
         if ($utime < $expired) {
             // Last activity is older than the tracking window: reset the counters.
             $pages = 0;
             $adclicks = 0;
         }
         if (!empty($_GET['t'])) {
             $adclicks++;
             //if ($adclicks >= $maxadclicks) $pages = $pageviews;
         } else {
             if ($pages < $pageviews + 2) $pages++;
         }
         $xsql = "UPDATE $sri_dbtable SET utime=$curtime, pages=$pages, adclicks=$adclicks WHERE ipaddr='$ipaddr'";
         mysql_query($xsql);
         if ($pages == $pageviews + 1) $refresh = 1;
         if ($pages > $pageviews || $adclicks >= $maxadclicks + 1) $blockads = 1;
         if ($pages > $pageviews || $adclicks >= $maxadclicks) $blockadsPartially = 1;
     } else {
         $pages = 1;
         $adclicks = 0;
         if (!empty($_GET['t'])) $adclicks = 1;
         $xsql = "INSERT INTO $sri_dbtable VALUES ('$ipaddr', $curtime, $pages, $adclicks)";
         mysql_query($xsql);
     }
     // A tracking-image request only updates the counters; it renders no page.
     if (!empty($_GET['t'])) exit();
     ```

  9. Ad Replacement (sort of outside of Drupal)

     adsenselock.php:

     ```php
     if ($blockads)
         ob_start("ReplaceAds");
     else if ($blockadsPartially)
         ob_start("ReplaceAdsPartially");
     else if ($maxadclicks < 100)
         ob_start("InsertTracking");
     ```

     page.tpl.php:

     ```php
     <?php require_once 'adsenselock.php'; ?> </head>
     … </body> <?php ob_end_flush(); ?>
     ```

  10. adsenselock.php itself

      It is ugly, long and unreadable. Sorry!

      - Opening the raw file …
      - Making it available online.
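
The per-client counting and threshold logic from slides 7 and 8, as an added example that is not the original adsenselock.php: it keeps the same decisions but binds every value through PDO prepared statements instead of interpolating it into `mysql_query` strings. The `adlock` table, its columns, the `$cfg` array, the limits and the sample key are assumptions for illustration.

```php
<?php
// Added example, not the original adsenselock.php. Table and column names and the
// $cfg keys are assumptions modelled on the variables shown on slide 8.
function recordHit(PDO $db, string $ipaddr, bool $isAdClick, int $now, array $cfg): array
{
    $flags = ['blockads' => false, 'blockadsPartially' => false, 'refresh' => false];
    $sel = $db->prepare('SELECT utime, pages, adclicks FROM adlock WHERE ipaddr = ?');
    $sel->execute([$ipaddr]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // First hit from this client: create the counter row, nothing is blocked yet.
        $ins = $db->prepare('INSERT INTO adlock (ipaddr, utime, pages, adclicks) VALUES (?, ?, ?, ?)');
        $ins->execute([$ipaddr, $now, 1, $isAdClick ? 1 : 0]);
        return $flags;
    }
    $pages = (int) $row['pages'];
    $adclicks = (int) $row['adclicks'];
    if ((int) $row['utime'] < $now - $cfg['trackhours'] * 3600) {
        $pages = 0;       // tracking window expired: start counting again
        $adclicks = 0;
    }
    if ($isAdClick) {
        $adclicks++;
    } elseif ($pages < $cfg['pageviews'] + 2) {
        $pages++;         // capped, as on slide 8, so the counter stops growing
    }
    $upd = $db->prepare('UPDATE adlock SET utime = ?, pages = ?, adclicks = ? WHERE ipaddr = ?');
    $upd->execute([$now, $pages, $adclicks, $ipaddr]);
    $overPages = $pages > $cfg['pageviews'];
    $flags['refresh'] = $pages === $cfg['pageviews'] + 1;
    $flags['blockads'] = $overPages || $adclicks >= $cfg['maxadclicks'] + 1;
    $flags['blockadsPartially'] = $overPages || $adclicks >= $cfg['maxadclicks'];
    return $flags;
}

// Constructed demo: in-memory SQLite and limits chosen for illustration only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE adlock (ipaddr TEXT PRIMARY KEY, utime INTEGER, pages INTEGER, adclicks INTEGER)');
$cfg = ['trackhours' => 24, 'pageviews' => 50, 'maxadclicks' => 2];
$key = "3405803783|cookie'with'quotes";   // constructed key; quotes are bound as plain data
recordHit($db, $key, false, 1000, $cfg);  // ordinary page view creates the row
foreach ([1010, 1020, 1030] as $t) {      // three ad clicks in the same window
    $f = recordHit($db, $key, true, $t, $cfg);
    echo json_encode($f), "\n";
}
```

Because the key is derived partly from a cookie, it is client-controlled input; binding it as a parameter keeps it out of the SQL text regardless of what the cookie contains.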