Immunizing your site against click fraud
•Télécharger en tant que PPTX, PDF•
0 j'aime•748 vues
Recommandé
Contenu connexe
Dernier
Dernier (20)
En vedette
En vedette (20)
Immunizing your site against click fraud
- 1. Immunizing your site against Click Fraud How to monitor and prevent excessive ad clicks -- Srikanth Bangalore. Bangalore.srikanth@gmail.com Drupal ID: bangalos
- 2. The Scenario: You have signed up with googleadsense Google asks you to paste the following somewhere in your page: <div id="googlehorizontalad2"> <script type="text/javascript"><!-- google_ad_client = "pub-2457397907088834"; /* Footer Ad */ google_ad_slot = "1589389617"; google_ad_width = 728; google_ad_height = 90; //--> </script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> You paste it in the footer (block) of all your Drupal pages. You also sometimes show it on the right.
- 3. Paranoid: Refresh page on Browser Back Include the following in page.tpl.php: </head><body> <input type="hidden" id="refreshed" value="no"> <script type="text/javascript"> addLoadEvent(refresheverytime); function refresheverytime(){ var e=document.getElementById("refreshed"); if(e.value=="no")e.value="yes"; else{e.value="no"; location.replace(location.href);} } </script>
- 4. Strategy for detecting Adclick Identify all IFrames for the Ads and associate with each of them an eventhandler function: OnFocus (implies left click) = AdsenseClickX3X; OnMouseOver= DoMouseOverX3X; OnMouseOut= DoMouseOutX3X; Associate with the window window.onbeforeunload= PageUnloadX3X; Definitions: function DoMouseOverX3X() { InIframeX3X = 1; } function DoMouseOutX3X() { InIframeX3X = 0; } function PageUnloadX3X() { //check for right click. if (InIframeX3X) { AdsenseClickX3X (); InIframeX3X = 0; }}
- 5. The Javascript Code: (addLoadEvent is a custom function to append the event to the list of on load functions) addLoadEvent(SriInitialize); var InIframeX3X = 0; var DetectedClickX3X = 0; function SriInitialize () { if (document.getElementsByTagName || document.body.all) { variframelist; if (document.getElementsByTagName) iframelist = document.body.getElementsByTagName('IFRAME'); else iframelist = document.body.all.tags('IFRAME'); for (var c = 0; c < iframelist.length; c++) { //if (iframelist[c].src.indexOf('googlesyndication.com') != -1) { if (iframelist[c].src.indexOf('googleads.g.doubleclick.net') != -1) { iframelist[c].onfocus = AdsenseClickX3X; iframelist[c].onmouseover = DoMouseOverX3X; iframelist[c].onmouseout = DoMouseOutX3X; } else { } } } } window.onbeforeunload = PageUnloadX3X;
- 6. What to do on click? Fire a GET event (by trying to load an image) function AdsenseClickX3X() { if (! DetectedClickX3X) { DetectedClickX3X = 1; //alert ('AdsenseClick'); trackerimg = new Image(); trackerimg.src = ‘adsenselock.php?t=1'; } }
- 7. Track the GET[‘t’] events (ad clicks) and page views. $xsql = "SELECT * FROM $sri_dbtable2 WHERE sessid='" . $sessid . "'"; $result = mysql_query ($xsql); if ($result && mysql_num_rows($result) == 1) { $sri_dbrecord = mysql_fetch_array ($result); $pages = $sri_dbrecord ['pages']; $adclicks = $sri_dbrecord ['adclicks']; if ($_GET['t']) { $adclicks ++; } else { $pages++; } $xsql = "UPDATE $sri_dbtable2 SET pages=$pages, adclicks=$adclicks, utime=$curtime WHERE sessid='$sessid'"; mysql_query ($xsql); } else { $pages = 1; $adclicks = 0; if ($_GET['t']) $adclicks = 1; $xsql = "INSERT INTO $sri_dbtable2 VALUES ('$sessid', $userid, $pages, $adclicks, '$affiliate', $curtime, $curtime)"; mysql_query ($xsql); } /////////////FINISHED GLOBAL INCREMENT////////////
- 8. $blockads = 0; $blockadsPartially = 0; $refresh = 0; $ipaddr_int = ip2long ($_SERVER['REMOTE_ADDR']); $ipaddr = appendcookie($ipaddr_int); $curtime = time(); $expired = $curtime - $trackhours * 3600; $xsql = "SELECT * FROM $sri_dbtable WHERE ipaddr='$ipaddr'"; $result = mysql_query ($xsql); if ($result && mysql_num_rows($result) == 1) { $sri_dbrecord = mysql_fetch_array ($result); $utime = $sri_dbrecord ['utime']; $pages = $sri_dbrecord ['pages']; $adclicks = $sri_dbrecord ['adclicks']; if ($utime < $expired) { $pages = 0; $adclicks = 0; } if ($_GET['t']) { $adclicks ++; //if ($adclicks >= $maxadclicks) $pages = $pageviews; } else { if ($pages < $pageviews + 2) $pages ++; } $xsql = "UPDATE $sri_dbtable SET utime=$curtime, pages=$pages, adclicks=$adclicks WHERE ipaddr='$ipaddr'"; mysql_query ($xsql); if ($pages == $pageviews + 1) $refresh = 1; if ($pages > $pageviews || $adclicks >= $maxadclicks+1) $blockads = 1; if ($pages > $pageviews || $adclicks >= $maxadclicks) $blockadsPartially = 1; } else { $pages = 1; $adclicks = 0; if ($_GET['t']) $adclicks = 1; $xsql = "INSERT INTO $sri_dbtable VALUES ('$ipaddr', $curtime, $pages, $adclicks)"; mysql_query ($xsql); } if ($_GET['t']) exit();
- 9. Ad Replacement (sort of outside of drupal) Adsenselock.php if ($blockads) ob_start ("ReplaceAds"); else if ($blockadsPartially) ob_start ("ReplaceAdsPartially"); else if ($maxadclicks < 100) ob_start ("InsertTracking"); Page.tpl.php <?phprequire_once 'adsenselock.php'; ?> </head> … </body> <?phpob_end_flush(); ?>
- 10. adsenselock.php itself It is ugly, long and unreadable. Sorry! Opening the raw file … Making it available online.