...good thinking

Case Study: Web Advertising

Company A was just starting out with pay-per-click adverts - "sponsored links" on search engines and similar. It had been working OK for the last few months, increasing their sales and visitors by enough to justify the expense each time they refined their campaigns or spent a little more.

Their ad manager called us because they were unexpectedly spending a lot more money on the same type of adverts, but without any corresponding results.

  • Was there foul play?
  • Had a competitor noticed their adverts and kept clicking them? Or something similar but smarter?
  • In short, was someone trying a click-fraud attack on them?

What we did

Photo I downloaded the server logs and computed some general-purpose statistics. First, I looked for obvious attacks: were any particular machines or domains responsible for most of the clicks? Many people use the same ISP at home and at work, in my experience, so if it was a particular competitor, I'd expect to see lots of clicks from one domain. Nothing really stood out.

The next thing I looked at was geographic location. The pay-per-click adverts are targetted at European users on European sites. If it was some sort of distributed denial-of-service attack, I'd expect to see some increase in American and Asian traffic. Where were visitors coming from?

I looked up locations by the first parts of the IP address, which is crude, but good enough for this. You could do something similar with the the xkcd ipv4 map - it looked like most of the addresses were in Europe, as expected. There was one interesting US grouping, but that turned out to be one of the ad networks checking their links.

So, I compared the time distributions of clicks now with clicks a month ago (when the ads were working fine). There were increased numbers of clicks just before 9, just after 17 and midnight to 0400 local time. I could dismiss the clicks just outside common work hours as people looking to buy for their hobbies, but midnight-4 seemed a bit strange.

The Cause

The midnight-4 clicks were coming mostly from ad placements on one site which was new to the ad network. Looking at that site, it seems they specialise in 'sexy videos' of celebrities. Needless to say, that was not my customer's intended target market! Almost all of the increase was due to that one site.

Did any of those visitors stay long? No. Some of them behaved like web spiders, downloading a page and all links from it. I think that could be people bulk-downloading videos overnight.

The Solution

The analysis was sent to the ad manager and he updated their campaigns to exclude that site and any similar ones. Their ad spend is back under control and their results are improving again.

It reminded me of the John Wanamaker quote

"Half of my advertising is wasted, I just don't know which half."

Maybe by monitoring web statistics better, we can reduce it below half for web ads - or at least limit it to half?

Read More

Read more on our webmastering page.