Immunizing your site against click fraud

Published in: Technology

  1. 1. Immunizing your site against Click Fraud
     How to monitor and prevent excessive ad clicks
     -- Srikanth Bangalore
     Bangalore.srikanth@gmail.com
     Drupal ID: bangalos
  2. 2. The Scenario:
     You have signed up with Google AdSense.
     Google asks you to paste the following somewhere in your page:
         <div id="googlehorizontalad2">
         <script type="text/javascript"><!--
         google_ad_client = "pub-2457397907088834";
         /* Footer Ad */
         google_ad_slot = "1589389617";
         google_ad_width = 728;
         google_ad_height = 90;
         //-->
         </script>
         <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script>
         </div>
     You paste it in the footer (block) of all your Drupal pages.
     You also sometimes show it on the right.
  3. 3. Paranoid: Refresh page on Browser Back
     Include the following in page.tpl.php:
         </head><body>
         <input type="hidden" id="refreshed" value="no">
         <script type="text/javascript">
         addLoadEvent(refresheverytime);
         // The browser restores the hidden field's value on Back, so "yes"
         // means this page was reached through history: force a fresh load.
         function refresheverytime() {
             var e = document.getElementById("refreshed");
             if (e.value == "no") e.value = "yes";
             else { e.value = "no"; location.replace(location.href); }
         }
         </script>
  4. 4. Strategy for detecting Adclick
     Identify all IFrames for the Ads and associate with each of them an event handler function:
         OnFocus (implies left click) = AdsenseClickX3X;
         OnMouseOver = DoMouseOverX3X;
         OnMouseOut = DoMouseOutX3X;
     Associate with the window:
         window.onbeforeunload = PageUnloadX3X;
     Definitions:
         function DoMouseOverX3X() { InIframeX3X = 1; }
         function DoMouseOutX3X() { InIframeX3X = 0; }
         function PageUnloadX3X() { // check for right click.
             if (InIframeX3X) {
                 AdsenseClickX3X();
                 InIframeX3X = 0;
             }
         }
  5. 5. The Javascript Code:
     (addLoadEvent is a custom function to append the event to the list of on load functions)
         addLoadEvent(SriInitialize);
         var InIframeX3X = 0;       // 1 while the pointer is over an ad iframe
         var DetectedClickX3X = 0;  // 1 once a click has been reported for this page
         function SriInitialize() {
             if (document.getElementsByTagName || document.body.all) {
                 var iframelist;
                 if (document.getElementsByTagName)
                     iframelist = document.body.getElementsByTagName('IFRAME');
                 else
                     iframelist = document.body.all.tags('IFRAME');
                 for (var c = 0; c < iframelist.length; c++) {
                     //if (iframelist[c].src.indexOf('googlesyndication.com') != -1) {
                     if (iframelist[c].src.indexOf('googleads.g.doubleclick.net') != -1) {
                         iframelist[c].onfocus = AdsenseClickX3X;
                         iframelist[c].onmouseover = DoMouseOverX3X;
                         iframelist[c].onmouseout = DoMouseOutX3X;
                     }
                 }
             }
         }
         window.onbeforeunload = PageUnloadX3X;
  6. 6. What to do on click?
     Fire a GET event (by trying to load an image):
         function AdsenseClickX3X() {
             if (!DetectedClickX3X) {
                 DetectedClickX3X = 1;   // report at most one click per page load
                 //alert('AdsenseClick');
                 var trackerimg = new Image();
                 trackerimg.src = 'adsenselock.php?t=1';
             }
         }
  7. 7. Track the GET['t'] events (ad clicks) and page views.
         // Uses the legacy mysql_* API, which was removed in PHP 7.
         // $sessid is interpolated directly into the query: it must be escaped
         // or bound as a parameter if it can carry client-supplied data.
         $xsql = "SELECT * FROM $sri_dbtable2 WHERE sessid='" . $sessid . "'";
         $result = mysql_query($xsql);
         if ($result && mysql_num_rows($result) == 1) {
             // Existing session: bump the matching counter.
             $sri_dbrecord = mysql_fetch_array($result);
             $pages = $sri_dbrecord['pages'];
             $adclicks = $sri_dbrecord['adclicks'];
             if (!empty($_GET['t'])) {
                 $adclicks++;
             } else {
                 $pages++;
             }
             $xsql = "UPDATE $sri_dbtable2 SET pages=$pages, adclicks=$adclicks, utime=$curtime WHERE sessid='$sessid'";
             mysql_query($xsql);
         } else {
             // First request of this session.
             $pages = 1;
             $adclicks = 0;
             if (!empty($_GET['t'])) $adclicks = 1;
             $xsql = "INSERT INTO $sri_dbtable2 VALUES ('$sessid', $userid, $pages, $adclicks, '$affiliate', $curtime, $curtime)";
             mysql_query($xsql);
         }
         /////////////FINISHED GLOBAL INCREMENT////////////
  8. 8.
         $blockads = 0;
         $blockadsPartially = 0;
         $refresh = 0;
         $ipaddr_int = ip2long($_SERVER['REMOTE_ADDR']);
         $ipaddr = appendcookie($ipaddr_int);   // appendcookie() is not shown on the slides
         $curtime = time();
         $expired = $curtime - $trackhours * 3600;
         $xsql = "SELECT * FROM $sri_dbtable WHERE ipaddr='$ipaddr'";
         $result = mysql_query($xsql);
         if ($result && mysql_num_rows($result) == 1) {
             $sri_dbrecord = mysql_fetch_array($result);
             $utime = $sri_dbrecord['utime'];
             $pages = $sri_dbrecord['pages'];
             $adclicks = $sri_dbrecord['adclicks'];
             if ($utime < $expired) {
                 // Tracking window elapsed: start counting again.
                 $pages = 0;
                 $adclicks = 0;
             }
             if (!empty($_GET['t'])) {
                 $adclicks++;
                 //if ($adclicks >= $maxadclicks) $pages = $pageviews;
             } else {
                 if ($pages < $pageviews + 2) $pages++;
             }
             $xsql = "UPDATE $sri_dbtable SET utime=$curtime, pages=$pages, adclicks=$adclicks WHERE ipaddr='$ipaddr'";
             mysql_query($xsql);
             if ($pages == $pageviews + 1) $refresh = 1;
             if ($pages > $pageviews || $adclicks >= $maxadclicks + 1) $blockads = 1;
             if ($pages > $pageviews || $adclicks >= $maxadclicks) $blockadsPartially = 1;
         } else {
             $pages = 1;
             $adclicks = 0;
             if (!empty($_GET['t'])) $adclicks = 1;
             $xsql = "INSERT INTO $sri_dbtable VALUES ('$ipaddr', $curtime, $pages, $adclicks)";
             mysql_query($xsql);
         }
         // A tracking-image request has nothing to render.
         if (!empty($_GET['t'])) exit();
  9. 9. Ad Replacement (sort of outside of Drupal)
     adsenselock.php:
         if ($blockads)
             ob_start("ReplaceAds");
         else if ($blockadsPartially)
             ob_start("ReplaceAdsPartially");
         else if ($maxadclicks < 100)
             ob_start("InsertTracking");
     page.tpl.php:
         <?php require_once 'adsenselock.php'; ?> </head>
         … </body> <?php ob_end_flush(); ?>
  10. 10. adsenselock.php itself
      It is ugly, long and unreadable.
      Sorry!
      Opening the raw file …
      Making it available online.
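
The per-client counting on slides 7 and 8 builds its SQL by interpolating variables into the query string. As an added example (not the author's adsenselock.php), here is the slide 8 logic with PDO prepared statements; the adlock table, its column names, the limits and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
// Added example, not the author's adsenselock.php: slide 8's per-client counter
// with PDO prepared statements. Table/column names and limits are assumptions.
function track_client(PDO $db, string $key, bool $isAdClick, int $now, array $cfg): array
{
    $sel = $db->prepare('SELECT utime, pages, adclicks FROM adlock WHERE ipaddr = ?');
    $sel->execute([$key]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {                       // first request from this client
        $db->prepare('INSERT INTO adlock (ipaddr, utime, pages, adclicks) VALUES (?, ?, ?, ?)')
           ->execute([$key, $now, 1, $isAdClick ? 1 : 0]);
        return ['refresh' => false, 'blockads' => false, 'blockadsPartially' => false];
    }

    $pages = (int) $row['pages'];
    $adclicks = (int) $row['adclicks'];
    if ((int) $row['utime'] < $now - $cfg['trackhours'] * 3600) {   // window elapsed: reset
        $pages = 0;
        $adclicks = 0;
    }
    if ($isAdClick) {
        $adclicks++;
    } elseif ($pages < $cfg['pageviews'] + 2) {
        $pages++;
    }
    $db->prepare('UPDATE adlock SET utime = ?, pages = ?, adclicks = ? WHERE ipaddr = ?')
       ->execute([$now, $pages, $adclicks, $key]);

    return [
        'refresh'           => $pages === $cfg['pageviews'] + 1,
        'blockads'          => $pages > $cfg['pageviews'] || $adclicks >= $cfg['maxadclicks'] + 1,
        'blockadsPartially' => $pages > $cfg['pageviews'] || $adclicks >= $cfg['maxadclicks'],
    ];
}

// Constructed demonstration data: in-memory SQLite, made-up limits and timestamp.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE adlock (ipaddr TEXT PRIMARY KEY, utime INTEGER, pages INTEGER, adclicks INTEGER)');
$cfg = ['trackhours' => 24, 'pageviews' => 50, 'maxadclicks' => 2];
$key = "2130706433-cookie'with-quote";   // the quote is bound as data, not parsed as SQL
$now = 1700000000;

track_client($db, $key, false, $now, $cfg);                    // one page view
foreach ([1, 2, 3] as $i) {                                    // then three ad clicks
    $f = track_client($db, $key, true, $now + $i, $cfg);
    printf("click %d: partial=%d full=%d\n", $i, $f['blockadsPartially'], $f['blockads']);
}
```

The SELECT followed by UPDATE is kept as on the slide; under concurrent requests from one client it can lose an increment unless wrapped in a transaction.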