|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
01-26-2005, 11:55 AM
|
#1 |
|
Registered User
Join Date: Aug 2004
Posts: 58
|
"fake" traffic ? what is this ?
Hey guys, got a quick question here. I seem to be getting a lot of "fake" traffic and I am wondering if this is a standard browser behaviour, bug or a bot posing as a visitor. I get in my logs, people that repeatedely ask for the "/" document but then don't download anything: no images, no css, nothing else. Example logs are shown below:
209.28.22.13 - - [26/Jan/2005:13:43:44 -0500] "GET / HTTP/1.1" 200 9883 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" 209.28.22.13 - - [26/Jan/2005:13:43:50 -0500] "GET / HTTP/1.1" 200 9883 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" 209.28.22.13 - - [26/Jan/2005:13:43:56 -0500] "GET / HTTP/1.1" 200 9883 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" 209.28.22.13 - - [26/Jan/2005:13:44:06 -0500] "GET / HTTP/1.1" 200 9883 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" 209.28.22.13 - - [26/Jan/2005:13:44:34 -0500] "GET / HTTP/1.1" 200 9883 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" 209.28.22.13 - - [26/Jan/2005:13:44:39 -0500] "GET / HTTP/1.1" 200 9883 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" Notice the seconds apart in requesting the / document but nothing else! I am asking because I have been arguing with business.com for over 1 month about this. My CPC with them is around 2.5$ and they charge me for hundreds of clicks that I don't even consider real clicks, just like above!! I tried reasoning with them but they claim those are still real visitors. Anyone knows what causes the pattern above to happen ? Thanks! |
|
|
|
01-26-2005, 12:00 PM
|
#2 |
|
Registered User
Join Date: Dec 2004
Posts: 69
|
It's the firefox browser alright, looks like a surfer, not a bot. Click fraud? Perhaps, what you're describing sounds alot like it.
__________________
|
|
|
|
|
01-26-2005, 12:00 PM
|
#3 |
|
►SouthOfHeaven
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
|
i doubt its a bot as it has the browser string as firefox. maybe its some sort of frames. Do you run a referrer script or open stats program ?
__________________
hatisblack at yahoo.com |
|
|
|
|
01-26-2005, 12:02 PM
|
#4 | |
|
Confirmed User
Industry Role:
Join Date: Mar 2002
Posts: 3,893
|
Quote:
__________________
|
|
|
|
|
|
01-26-2005, 12:03 PM
|
#5 |
|
Registered User
Join Date: Aug 2004
Posts: 58
|
nope
to the website from which I have those logs I have no referral whatsoever except for google..but as you can see in those logs ( it's the combined format in Apache and it contains the referrer as well ), there is no referrer!
That IP just requested my / a few times and for real - see how it downloaded the full size of index.php which is 9883 bytes! I get tons of traffic like this on all of my websites but I only mind this on those for which I pay for the referral! I really need to find out what's causing this |
|
|
|
|
01-26-2005, 12:23 PM
|
#6 |
|
Registered User
Join Date: Aug 2004
Posts: 58
|
anyone ?
anyone seen or sees this behaviour in their logs ?
|
|
|
|
|
01-26-2005, 12:36 PM
|
#7 |
|
Retired
Industry Role:
Join Date: Jan 2004
Location: Sac
Posts: 18,453
|
Everytime I have seen it, It was from a hitbot.
__________________
|
|
|
|
|
01-26-2005, 12:50 PM
|
#8 |
|
been very busy
Join Date: Nov 2002
Location: the queen city
Posts: 26,983
|
smokeys sig rocks out lol
__________________
want to buy this spot for cheap? it is of course for sale. long term deals are always the best bet. brand0n/ at/ a o l dot commies.
|
|
|
|
|
01-26-2005, 12:53 PM
|
#9 | |
|
DINO CORTEZ™
Industry Role:
Join Date: Jun 2003
Location: Vancouver Island
Posts: 2,145
|
Quote:
-Dino |
|
|
|
|
|
01-26-2005, 12:59 PM
|
#10 |
|
Registered User
Join Date: Aug 2004
Posts: 58
|
hmm
sicone, so you are saying that a hitbot is faking the useragent and just goes around clicking on my links ?
Now I knew this was happening but I'm not sure why the retards at business.com aren't being more helpful in this matter. I've shown them logs under which one of these 'visitors' asked for /robots.txt but they still claimed it was valid! Not sure why they don't get that instead of trying to rip me for a few hundred dollars and pissing me off, they can work with me, not charge me for this obvious crap, and thus allow me to get a higher position or more listings with them! Right now I spend 1k for position #3 with something like 120 fake clicks when I could be getting position #1 for this money with only the real clicks! I guess I'm just trying to find undeniable proof of all this botting |
|
|
|
|
01-26-2005, 01:03 PM
|
#11 |
|
Confirmed User
Industry Role:
Join Date: Dec 2002
Location: Behind the scenes
Posts: 5,190
|
I'm not an expert but it looks like hitbot with long time sequence so it can pass through some simple ddos/hitbot protection
__________________
|
|
|
|
|
01-26-2005, 01:13 PM
|
#12 |
|
Confirmed User
Join Date: Jan 2005
Posts: 515
|
looks legit 2 me
__________________
See Sig |
|
|
|
|
01-26-2005, 01:49 PM
|
#13 | |
|
Confirmed User
Industry Role:
Join Date: Dec 2002
Location: Behind the scenes
Posts: 5,190
|
Quote:
the thing that makes me wonder is if they can fake useragent, they could easily fake IP too, then it would look completely legit. so with business.com if I click a link 100 times, will they charge for 100 clicks even though it came from single unique user?
__________________
|
|
|
|
|
|
01-26-2005, 02:04 PM
|
#14 |
|
I can change this!!!!!
Join Date: Feb 2004
Posts: 18,972
|
I dont see what the problem is?
__________________
 |
|
|
|
|
01-26-2005, 02:08 PM
|
#15 |
|
Confirmed User
Join Date: May 2003
Posts: 183
|
You are correct, No modern browser would send in a reqest string and not try and retrive the images. Most people are not using any of the features to turn off images.
The other proof, It's not requesting the Favicon.ico which Firefox and Mozilla ALWAYS ask for. here is a sample from a valid click on a page with no images: IPCONCEALED - - [DATE] "GET: / HTTP/1.1" 200 5836 "FULL URL" "Mozilla/5.0 (X11; U; Linux; rv:1.73 ) Gecko/20041020 Firefox/0.10.1 IPCONCEALED - - [DATE] "GET: /favicon.ico HTTP/1.1" 404 20731 "-" "Mozilla/5.0 (X11; U; Linux; rv:1.73) Gecko/20041020 Firefox/0.10.1" Give me 10 minutes with perl, and LWP and I can fake the Referer and The Request all in simple script. It's not that hard. |
|
|
|
|
01-26-2005, 02:33 PM
|
#16 |
|
<&(©¿©)&>
Industry Role:
Join Date: Jul 2002
Location: Chicago
Posts: 47,882
|
Looks like he is img srcing you, or is using a poor quality bot...
__________________
Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000 Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager  Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager |
|
|
|
|
01-26-2005, 02:46 PM
|
#17 |
|
Registered User
Join Date: Aug 2004
Posts: 58
|
yeah
faking UserAgent is no big deal..it can be done in Perl using LWP in a few minutes.
the big problem is proving this as I have no working partner in business.com. They are happy to charge me more and don't realize that they will instead lose my business and everyone's else business if they don't fight on the customer's side about the images as I said, I will post below a 'valid' click: 144.132.24.154 - - [12/Jan/2005:00:50:20 -0500] "GET / HTTP/1.1" 200 9309 144.132.24.154 - - [12/Jan/2005:00:50:20 -0500] "GET /gstyle.css HTTP/1.1" 200 2308 144.132.24.154 - - [12/Jan/2005:00:50:20 -0500] "GET /images/gtech_02.jpg HTTP/1.1" 200 32090 144.132.24.154 - - [12/Jan/2005:00:50:20 -0500] "GET /images/gtech_03.jpg HTTP/1.1" 200 4522 and so on... User fires up browser, comes to my website, gets index.html which in turn tells the browser to get all my images/css, etc. That's what you see above. In the clicks I complain about, like in the first post, the '/' is retrieved several times and each time it is retrieved completely - all the bytes. Usually, when a browser got a page once and the page is unchanged, it will not download it again and you will see a log without a transferred size which might look like this: 209.28.22.13 - - [26/Jan/2005:13:43:44 -0500] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" instead of: 209.28.22.13 - - [26/Jan/2005:13:43:44 -0500] "GET / HTTP/1.1" 200 9883 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" in other instances, as I said in a previous post, these 'visitors' ask for /robot.txt too! And as funny as it may sound, business.com reps told me that, that click too, was valid and billable. Yeah, I should probably switch providers but so far nobody else can provide specialized traffic the way they do. I am just pissed that instead of getting 600 real clicks at 3.5$ and being #1, I get 900 'shady' clicks at 2.5$ and am #3. |
|
|
|
|
01-26-2005, 03:57 PM
|
#18 |
|
So Fucking Banned
Join Date: Aug 2002
Posts: 5,579
|
sounds like a bot to me and it sucks... click fraud was the reason I stopped using adwords.
|
|
|
|
|
01-26-2005, 04:10 PM
|
#19 |
|
Confirmed User
Join Date: May 2003
Posts: 183
|
Are they ALWAYS coming from the 209.28.22.13 IP? or are they coming from multiple IP ranges?
|
|
|
|
|
01-26-2005, 04:30 PM
|
#20 |
|
Registered User
Join Date: Aug 2004
Posts: 58
|
.
that was just one example.
clicks can come from any IP address so I can not do any sort of IP blocking. And even if I did...I would still get charged. They can claim it's not their fault that I don't respond to certain IP addresses. well, anyhoo, sucky situation just beware if you plan on purchasing traffic from business.com. They act all nice on the phone in order to get your $$$ but do nothing to help you out! |
|
|
|
|
01-26-2005, 05:52 PM
|
#21 |
|
Confirmed User
Join Date: May 2003
Posts: 183
|
wow, Really sorry to hear that, good luck, and well noted.
|
|
|
|
|
01-26-2005, 06:04 PM
|
#22 |
|
Confirmed User
Join Date: Sep 2004
Posts: 825
|
fake useragent I'd say.
|
|
|
|
|
01-26-2005, 07:36 PM
|
#23 | |
|
Consigliere
Industry Role:
Join Date: Feb 2003
Posts: 1,771
|
Quote:
|
|
|
|
|
|
01-26-2005, 07:40 PM
|
#24 | |
|
OU812
Join Date: Feb 2001
Location: California
Posts: 12,651
|
Quote:
__________________
Epic CashEpic Cash works for me Solar Cash Paysite Plugin Gallery of the day freesites,POTD,Gallery generator with free hosting |
|
|
|
|
