This is interesting, though on a small scale, it’s still relevant. I run Google Adwords (display ads on specific search terms with Google) for a service I created called WebBasedCron. A little while ago, I decided to start tracking what ads were really being clicked — i.e. when an advertisement was clicked, it would send them to a special URL (ex. www.webbasedcron.com/?action=advwbc). Then I would use PHP code like the following to record the person’s IP, the date, time and their session id.

Code:
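// Record a click that arrived through the AdWords landing URL (?action=advwbc).
if ( $read_action == "advwbc" ) {
        // Each value goes through the database layer's quote() before it is placed in the SQL.
        $session = $user->db->quote(session_id());
        $ip = $user->db->quote($_SERVER['REMOTE_ADDR']);
        // Plain format string: no literal quotes here, quote() supplies the SQL quoting.
        $date = $user->db->quote(date('Y-m-d'));
        $time = $user->db->quote(date('H:i:s'));
        $sqlInsert = "INSERT INTO webcron_google(date,time,ip,session) VALUES ($date,$time,$ip,$session)";
        $user->db->query($sqlInsert);
}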

The session is important because it tells me if the advertisement was clicked in the same instance of the browser or not (when you restart your browser, you get a new session). So let’s look at the results for March 9th (yesterday). I changed nothing, only hid half of each person’s IP address.

Code:
2007-03-09    04:16:35    211.30.xxx.xx     9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09    04:17:20    211.30.xxx.xx     9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09    04:17:47    211.30.xxx.xx     9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09    04:18:07    211.30.xxx.xx     9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09    04:18:10    211.30.xxx.xx     9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09    04:18:13    211.30.xxx.xx     9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09    04:18:34    211.30.xxx.xx     9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09    04:18:36    211.30.xxx.xx     9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09    07:47:21    193.71.xx.x       1895a2c135512d29fa7002e6a8126e65
2007-03-09    09:51:47    59.144.xxx.xxx    b5c090a6f26d83b890fd2faf79c17464

You may notice that the first 8 lines were from the same IP address (211.30.xxx.xx), clicked between 04:16:35 and 04:18:36. It’s easy to see this person got pretty click happy, clicking the ad, hitting back, clicking the ad, etc. Furthermore, the session id is the same for all 8 clicks, which means he/she was using the same browser instance. I would expect Google to be able to detect this type of click fraud and only charge me for 2 legitimate clicks, the ones placed at 07:47:21 and 09:51:47 (not from 211.30.xxx.xx). The strange part is I was charged for 4 clicks that day. That means of the 8 illegitimate clicks, Google charged me for 2 of them.

Believe me, at an average cost per click of $0.11, it really doesn’t matter, but I can imagine for larger companies, Google must be making a fortune off these people. It’s really hard to side with Google on this, I mean if they deemed 6 of those clicks illegitimate, why not the remaining 2? Do people really click the same advertisement 8 times in 2 minutes, with many of them 3 seconds apart? It’s easy to see that even through blatant click fraud Google shamelessly makes money.
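The manual check described above (same IP, same session id, clicks seconds apart) can be run automatically over the logged rows. The following is an added example, not the author's code and not a description of how Google filters clicks; the function names, the 60-second gap and the three-click minimum are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# The ten rows from the post's table (IPs masked as in the original).
ROWS = """
2007-03-09 04:16:35 211.30.xxx.xx 9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09 04:17:20 211.30.xxx.xx 9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09 04:17:47 211.30.xxx.xx 9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09 04:18:07 211.30.xxx.xx 9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09 04:18:10 211.30.xxx.xx 9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09 04:18:13 211.30.xxx.xx 9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09 04:18:34 211.30.xxx.xx 9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09 04:18:36 211.30.xxx.xx 9fbe09012f7ce71854b1e040b0b0fe3c
2007-03-09 07:47:21 193.71.xx.x 1895a2c135512d29fa7002e6a8126e65
2007-03-09 09:51:47 59.144.xxx.xxx b5c090a6f26d83b890fd2faf79c17464
"""

def parse(rows):
    # Each line is "date time ip session", separated by whitespace.
    clicks = []
    for line in rows.strip().splitlines():
        date, time, ip, session = line.split()
        stamp = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        clicks.append((stamp, ip, session))
    return clicks

# Assumed thresholds: a run continues while clicks are at most max_gap apart,
# and is reported once it holds at least min_clicks clicks.
def find_bursts(clicks, max_gap=timedelta(seconds=60), min_clicks=3):
    by_visitor = defaultdict(list)
    for stamp, ip, session in clicks:
        by_visitor[(ip, session)].append(stamp)
    bursts = []
    for (ip, session), stamps in by_visitor.items():
        stamps.sort()
        run = [stamps[0]]
        for stamp in stamps[1:] + [None]:  # None flushes the final run
            if stamp is not None and stamp - run[-1] <= max_gap:
                run.append(stamp)
                continue
            if len(run) >= min_clicks:
                gaps = [(b - a).total_seconds() for a, b in zip(run, run[1:])]
                bursts.append({"ip": ip, "session": session, "clicks": len(run),
                               "span_seconds": (run[-1] - run[0]).total_seconds(),
                               "min_gap_seconds": min(gaps)})
            run = [stamp]
    return bursts

def unflagged_count(clicks, bursts):
    # Clicks that remain once every flagged burst is excluded.
    return len(clicks) - sum(b["clicks"] for b in bursts)
```

Grouping on IP and session together misses a client that discards its session cookie between clicks; grouping on IP alone catches that case, at the cost of merging separate users who share one address.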