Slashdot Mirror
Man Accused of Attempting to Extort Google
sandalwood writes "A programmer has been arrested on charges of attempting to "threaten Google with a software program he devised that creates phony clicks on pop-up advertisements delivered by Google. Google pays Web site publishers companies a certain amount for legitimate hits on those ads, but Bradley created a method that generates false clicks that appeared to be real Internet traffic, which would have repeatedly defrauded Google... Bradley contacted Google in early March, informing company officials that he had created the program and wanted $100,000 to keep him from selling it to spammers, according to an affidavit by a U.S. Secret Service agent." A harbinger of organized crime to come? That's a real nice website you have here... a shame if anything were to happen to it..."
Want to really annoy your competition ? Do the same thing actually on a google search page - just make it "search" 1000 times for words that bring up your competitions 'adwords' box, then "click" the adwords link. Google then bills your competitor for the maximum (s)he specified per day/week/month and, bonus!, your competitor then drops down the rankings for which google Adword to display...
Random words mixed in with the key ones, random delays between searches, random User-Agent, etc., etc. Seems like it would be easy to do, and hard to track...
Simon.
Physicists get Hadrons!
I wonder how long he had to Google before he figured out the technical details of how to do that? ;-)
;-)
Search terms: "how to extort" AND money AND "from google"
This is blackmail, plain and simple. It is just happening in cyberspace and the current laws are thankfully being applied in this new world. There is no genuine economic transaction being furthered by this man's program but to destroy Google's income. He doesn't have a leg to stand on in court.
A NYC lawyer blogs. http://www.chuangblog.com/
You can find articles about the fellow by looking at the top Google hits for "moron," "fucktard," and "what the hell were you thinking?"
Next time, just go straight to the spammers.
That's a real nice website you have here... a shame if anything were to happen to it...
Isn't this what Slashdot is trying to do? No?
Martin
I'm amazed that this guy thought that google would pay out. If he was clever he would set up a few websites and rake the money in slowly over a length of time. I guess greed got the better of him.
feeling lucky
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
Next time don't go to those you are trying to extort. Just go straight to the competition. I'm sure the spammers would have paid him much more than $100,000 collectively and not turned him in.
Imagine, he could have licensed his software to the spammers and charged them an annual fee to use it. He could have been the "Microsoft" of the spamming industry.
I am Bennett Haselton! I am Bennett Haselton!
Hi. I'm Troy McClure. You might remember me from such search-engine fraud films as "The Altavistan Job", "The Great Dogpile Caper", and "Lycos Grifters IV: Electric Boogaloo".
...a new revenue stream.
Hi little guy, this is Cmdr.Taco... We're going to link to your site in an article. What? You say you can't handle the traffic? For the low low cost of $699 we can grant you a license to mirror your site on our finely tuned slashdot-proof servers.
This guy tried to extort the search engine that allows you to find almost anything including almost anybody and he was expecting to not get caught?
Stupid!
Even if I knew that tomorrow the world would go to pieces, I would still plant my apple tree. -Martin Luther
Apart from being threatened, surely Google have sufficiently intelligent engineers to figure out a solution to this problem?
No doubt the software would follow a particular pattern, which even in a large amount of data, could possibly be tracked and with regards to things like open proxies, it would surprise me if Google didn't already check for things like that.
How is falsely inflating banner views and click-throughs not fraud? You are defrauding the company in order that they will pay you for advertising that was never "aired" to the public.
I havent seen any, I do use the google tool bar though.
BTW, I have also devised a program to simulate fake activity. Use any of the windows based graphical macro programs, load google, search, click the ad, save macro, repeat it in a loop. You could do this in multiple VMWare sessions if you wanted to increase your "productivity".
For your Occupation, choose 2 of the following three:
1) Fun
2) Well-paying
3) Legal
This guy probably was legal up to the point of threatening Google. I guess that the fine line between the criminal mind and normal everyday greed.
I need a TiVo for my car. Pause live traffic now.
"Come out with your hard drives up or we'll send in the slashdotters and Shaft!"
The way of the future... Just wait till Bush catchs on, Cowboy Neal and Taco will be billionairs with an army of geeks on hand...
TO THE SLASHDOT MOBILE!
--- [Insert intresting Sig here]
He didnt click on banners and is not charges with doing so. He is charged with threatening to harm their ability to make money, the means to which are clearly wrong. He said 'gimme some money, or i release a nefarious program' that request is the crime, not the actions themselves.
I figured out and wrote a perl script to increase my karma. Give me $1200 worth of ThinkGeek stuff, or I'll post it in the forums!!!!
I am Bennett Haselton! I am Bennett Haselton!
A series of funny quotes come to mind: 'You want I should break your links?' 'Mario, I need you to 404 this site.' 'I will ping flood you so fast, you wont know what hit you.' 'I host your site. You've never google me. You dont visit my page. And now you want me to bring down this site. What am I supposed to think?' 'Johhny, I swear, I'll get you your page hits. I just need some more time.'
The flying hamster of DOOM rains coconuts on your pitiful city.
Very similar to the google case, I think step 4 only applies to the lawyers
Warning: Opinions known to be heavily biased.
Spammers, on the other hand, have now moved onto blogs lately. Fred Rodriguez, a rider Emeryville, CA, for italian team Aqua e Sapone has spams for the usual penis enlargment, diet pills, cheap computer eqz, etc. on his guest book. Spammers got no shame, just like this fool.
A feeling of having made the same mistake before: Deja Foobar
He was very easy to track down. Apparently, a red flag gets raised at Google whenever anyone actually clicks on those ads. So, they eliminated the guy who needed ink jet cartridges and sent the police in.
There are no karma whores, only moderation johns
Maybe Linux Today can ask for money from major media outlets to prevent them from linking.
"How to hack google.com" AND "how to code"
"How is falsely inflating banner views and click-throughs not fraud?"
You'd be better off asking if it IS fraud.
"You are defrauding the company in order..."
No fraud is possible doing clicks like this. The crime is the guy's extortion threat.
Every SlashDotter should click on every advertisement that you see on Slashdot. Slashodot will get paid and the advertisers will get a heavy bill - everyone wins.
That would be a nice technology to add to Mozilla 1.x where it automatically hides the advertisement and treats it like a click through where advertisers get tired of paying out.
I've yet to see Web-based advertising of Google, much less pop-up advertising. This makes me think that the story is simply wrong, and reversed the roles.
* Google does not provide "pop-up ads". They provide text-based ads.
* Google does not pay website owners for AdWords. The owners pay Google to for advertising space on Google.
This is my 5000th post.
May we never see th
This brings up some other related concerns about having robots browse pages, even when the intent is not malicious.
Some ads on websites are sold 'per-view' and not 'per-click', but if a web-crawling robot hits it, should it count as a view? Are the authors of these bots stealing from the advertiser?
A while ago I wrote a bot that posts to slashdot. He even had decent Karma for a while, before getting a bit confused. In any case, my bot would usually post some links in his comments, which could have the effect of altering the target's page ranking on Google (this was not his purpose though). Am I somehow culpable for cheating Google?
Anyway, the point is that I think robots should have some limited rights to view pages and do human-like behavior on the net.
...why he thought spammers would use this software to raise costs for Google? What would be in it for them?
I know, I did read the article, i just am incoherent. The clicking itself is only fraud in virtue of the threat
Anyone remember the company AllAdvantage (was that really the name?) that paid users to click on ads during the dotcom boom? I remember almost everyone was into it ... people were making hundreds, even thousands of dollers per month.
... set it up to run all night, go to sleep, wake up rich in the morning. That's probably why the thing was so popular!
... the idea being that if the mouse wasn't moving, but clicks were coming in, then it was a cheat.
Of course, none of the ad traffic was legitimate! There were tons and tons of scripts and programs that would click the ads for you
I remember the comany would implement anti-cheat methods every couple of weeks, even to the point of tracking mouse movements
Ok, well... as always, cheaters take things to the next level. The ultimate cheat was one that surfed the web from a pre-determined list of web sites, while randomly moving the mouse cursor around the screen, and clicking every couple of seconds. Worked like a charm!
No more AllAdvantage.
Google has more sophisticated technology than AllAdvantage though... its almost impossible to cheat google. Even if this dumb-ass really did write a program to click ads on his own sites, google would catch that. There's AdSense partners getting canned every day for suspicion of cheating, when sometimes it's only as simple as an innocent erroneous click on their own ads. It happens... check the adsense forums. I doubt this guy would have been able to execute much of his plan successfully.
Skiers and Riders -- http://www.snowjournal.com
a pair of those blinking Nikes while running away from the cops?
-FL
this never would've happened if they didn't offer google in "hacker"
and if you see me strut, remind me of what left this outlaw torn...
Or is there no incentive for a spammer to use this? Who was this guy going to sell the software to, it has no value except to a person who specificaly wants to devlue Googles adspace.
Or is this like the "on the Internet" patents? "I have a spam scam that really works--on Google!"
One line blog. I hear that they're called Twitters now.
If only the world's more malicious traders in contraband goods would use this method.
"See, I have this cache of weapons in my house, and I'll sell them off to criminals at some point if you don't give me the money!"
"Wait...SWAT Team? What SWAT Team?"
"Outside my house?"
A harbinger of organized crime to come? That's a real nice website you have here... a shame if anything were to happen to it..."
e rt ainment/amusement_and_family_entertainment/paddy_p ower_plc/news/D /europe/02/23/online. hackers/
Allready happened in Ireland with Paddy Power
http://www.business.com/directory/media_and_ent
and
http://www.cnn.com/2004/WORL
or just google for Paddy Power and hackers
Comment removed based on user account deletion
exactly driving a car is not a crime, but if you drive a car over a person or away from the bank you robbed it is criminal clicking is not a crime, but threatening to click a bunch to ruina business unless they pay is criminal
even though Google pays websites a certain amount per click, doesn't it also charge the advertisers placing the adwords at least as much?
Doesn't that mean it's not Google that would be defrauded, but the affected advertisers?
Get off my launchpad!
Ironically, while that exact search does actually come up with 0 results, there are 5 'sponsored links' offering 'Secrets behind AdWords', 'Create AdWords Cash' and so on...
I uhhh... made the same program last year in January or so at a client's request. I was skeptical that I could defraud Google's AdWords, but I ended up being successful. Out of respect, I never gave the client's his program even though it worked and sent it over to Google and told them about their vulnerability.
Defrauding Google, is like defrauding a family member or something...
I'm glad this ass got caught.
-- D3X
i understand what you are saying, but i still disagree. the clicks themselves are part of the problem. If I were stalking a girl, my talking to her on the phone would be illegal speech invirtue of what they were a part of. obviously speaking to others is not a crime, though when it is part of a pattern of harassment or extortion each action is a crime. and it is fraud, it is an attempt to impersonate a clickthrough human when in fact its a bot. This may not seem like much, but it is fraud in the literal sense
Is this really illegal? Seriously.
,I'd offer to sell them to the big oil companies before I went to Ford and GM.
I mean, he created a product. He was planning to sell it, but if Google is better served by that product not making it to market isn't it common sense that they might want to buy it?
For example, if I developed a way to run my automobiles using water as fuel or to get 200 miles per gallon of gasoline
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Sounds like capitalism to me.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
If I'm actually looking to buy something, and I see an ad that is *relevant*, sure I'll click on it. We advertise heavily on AdWords ourselves and get a phenomenal amount of traffic on them, with click-throughs over 25% on certain keyword combinations.
I believe that we are talking about the google sidebar ads. This program could be devastating for a small time organization trying out the ad system provided as a single run could quickly bust the advertisement budget - Contrary to what someone else mentioned it does not take a DDOS like run or attack to do that, just target the specific keywords that a site uses and bam! Disaster is knocking. Hope google at least makes sure the clickthrough is based on unique IP's in the future. That would make it a little harder for such a program... but alas not impossible.
Who saw the headline and thought that this was a dupe of that CPA suing Google for the not-quite-right summary of the disciplinary action against him?
Funny thing is, it doesn't feel very different, even if one is legal and the other is not...
I figured out and wrote a perl script to increase my karma. Give me $1200 worth of ThinkGeek stuff, or I'll post it in the forums!!!!
Awww, crap, you too? That's common knowledge:
num=int(rnd(0)*5)
select num
MSG="Microsoft sucks."
MSG="Linux rocks!"
MSG="MPAA is bad."
MSG="RIAA is evil."
MSG="This is a repost. Duh!"
end select
printf $MSG
Google dosen't just have text link adds on Googles website. They also have ads on OTHER peoples websites and pay those websites for that.
With out banner adds or pop ups (Thwap the guy who called Google ads POP UPS) you'll need some software on your server to make this work.
Im guessing this guy hacked this software so he can send bad any data he wants and is expecting Google to act like Microsoft and pay to keep it quiet.
He picked the wrong target. Find a defect in Windows.. a nasty one.. and bribe Microsoft to stay quiet. They appear all fine with the extrotion scams and all about security by obscurity.
(I'm joking BTW.. Try that and Microsoft will thump you something nasty AND clame your defect is fraudulent)
I don't actually exist.
Google have a programme called AdSense in which they put Google AdWords on other websites - I'm sure you've seen them around the net. He could have set up a website, signed up with AdSense, and then had his clicking program click away on those ads on his own website. Result? A cheque from Google for the clicks.
You missed it
It's not simply a case of buying the technology and canning it. It's more a case of buying the technology, incorporating it into existing projects, and moving the engineers onto something else (Non-Compete Agreements work wonders).
It also happens internally within corporations. A new division gets set up to target a selected marketing segment. They then start to grow and begin to compete against existing divisions. The existing groups respond by stating to management that the new divisions would fit well within their long term goals - and a re-organisation takes place. Very smooth.
THe really good way to do this is to get a message out on some site like /. that has a huge volume of readers and get them to each do it a couple of times a week. That would make it look like real traffic.
Its like the days of overture where they would list the amount that companies were bidding per click right in the search results. I greatly enjoyed searching "Bulk Mail" and "Mass Mailer" and then clicking through the top ten sites, most of which were paying a buck or two PER CLICK.
Fast way to cost the scumbags a little money and get them nothing for it. Get 100,000 + users all do it in a week and you've suddenly cost them a LOT of money.
try it. It takes about five minutes, is a nice relaxing little clickfest, and its fun!
and you don't even need to know how to write code to do it.
s'wut i sed.
This program could be devastating for a small time organization trying out the ad system provided as a single run could quickly bust the advertisement budget
There is a reason you set your maximum spend budget in the adwords settings before you go live.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
...but...
extortion != organized crime
This is one programmer acting alone (and stupidly). Organized crime requires an organization. If the programmer had been hired by someone else who had the idea to extort Google but not the technical know-how, this would be organized crime.
My sigs always suck.
Untrue As the following timline shows there were seat belts of diffrent types on cars before and after the patent was issued
1930's Several U.S. physicians equip their own cars with lap belts and begin urging manufacturers to provide them in all new cars
1954 Sports Car Club of America requires competing drivers to wear lap belts
1955 Society of Automotive Engineers (SAE) appoints Motor Vehicle Seat Belt Committee
1956 Volvo markets 2-point cross-chest diagonal belt as accessory For and Chrysler offer lap belts in front as option on some models Ford begins 2-year ad campaign based on safety, focusing heavily on belts
1957 Volvo provides anchors for 2-point diagonal belts in front
1958 Nils Bohlin, a design engineer with Volvo in Sweden, patents the "Basics of Proper Restraint Systems for Car Occupants," better known as a three-point safey belt. The device comprises two straps, a lap strap and shoulder strap. ** Volvo provides anchors for 2-point diagonal belts in rear
1959 Volvo introduces 3-point belt in front as standard, in Sweden
1961 SAE issues standard for U.S. seat belts (J4) Standards Association of Australia issues standard for "safety belts and harness assemblies"
1962 U.S. manufacturers provide seat belt anchors in front outboard as standard
1963 Volvo introduces 3-point belt in front as standard, in USA SAE issues revised standard (J4a)
1964 Most U.S. manufactures provide lap belts at front outboard seat positions Victoria and South Australia require seat belt anchorages at front outboard positions in new cars (either 2- or 3-point permitted)
1965 U.S. Commerce Dept. issues first seat belt standard (adopted SAE standard) SAE issues revised standard (J4c) Some U.S. manufacturers provide automatic locking retractors (ALRs) in front seat belts
1966 Swedish regulations prohibit 2-point cross-chest diagonal belt at seats next to a door, and Y-type of 3-point belt altogether U.S. Commerce Dept. issues revised seat belt standard (SAE j4c) Sports Car Club of America requires competing drivers to wear a shoulder harness as well as a lap belt (perhaps 1967, according to ref. 131)
1967 Society of Automotive Engineers study at UCLA leads to calls for two-point seat belts, highback seats and other occupant protection strategies for school buses. Volvo introduces 3-point belt in rear as standard, certain markets Great Britain requires 3-points in front outboard positions Australian standard for belt anchorages issued South Australia requires seat belts (lap belts OK) at front outboard positions
1968 Volvo provides emergency locking retractors (ELRs) as standard in front, in Sweden Great Britain requires retrofit of 3-point belts in front in MY 65 and newer cars Many U.S. cars this MY provide ELRs. 3 point harness is now legislation in the US.
1969 Sweden requires 3-point belts of approved type in front seats. Volvo provides 3-point belt in rear as standard, all markets Mercedes-Benz adds 3-point belt in rear outboard seats as standard, all markets Japan requires seat belts, front and rear Australia requires 3-point belts, front outboard seats, all cars registered since 1965
1970 Sweden requires belts in rear (diagonal and static allowed; lap-only not approved) Victoria, Australia requires 3-point belts, front and rear and mandates use, front and rear
1971 Volvo provides ELRs as standard in rear, all markets NHTSA amends FMVSS 208 to require passive restraints in front, to be effective
1973 New South Wales requires use of seat belts
1972 Volvo introduces adjustable B-post anchor point (not standa
Saying Apple is better than MS is like saying Botulism is better than rabies.
...that creates phony clicks on pop-up advertisements delivered by Google.
Since when has Google had pop-up ads? Granted I only use Konq and Mozzie, but this is flat-out news to me since I've never even read it complained about.
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
I always wonder when I see that seemingly redundant expression. I mean, what would a hardware program look like?
Okay, *theoretically* there could be a need to distinguish a computer program from, say, a TV program or a spending program or a concert program, but really, how likely is it that a computer programmer is threatening an information service company with information about who's playing second violin tonight?
o sure, a man does it and it's illegal...but if an organization/company does it, it isn't immediately determined by the law as extortion. (though in Germany, SCO was literally told to STFU until they can prove their claims with real evidence).
Google doesn't, and this is outside the scope of this article, but I've seen phony pop-ups delivered by quite a few scam sites. They'll use the (now "fixed") IE bug of URL forgery (create a link using http://www.google.com%01%00@badsite.com and IE only ses http://www.google.com), have badsite.com be nothing but a pass-through redirect to google.com with a few web bugs and stuff, and pop up an ad purporting to originate with google.)
You get this quite a lot with amazon and paypal among others, both for people phishing for account details, and for unscrupulous advertisers trying to present their 'product' as something originating with the legitimate site that loads in the background.
Microsoft issued a patch which flat-out prohibits use of '@' in http URLs without some registry changes. Maybe the authors just got their facts mixed a bit.
Cole's Law: Thinly sliced cabbage
"defrauded Google"? No, clicking on banners is not fraud. When will this abuse of criminal terms ever end? It is a losing battle with the liars who says "copyright infringment = theft" already.
It's comments like this that make me wish I could mod them "-1, Dumbass".
Hey, he knows how to find the top 100 spammers. That's gotta be worth something...
"Waste not one watt!" - CZ
Most websites with ads these days use third-party ad networks such as ValueClick. And as someone who runs such a site I've always been worried about the possibility of this one: if some kiddie dislikes me or my website for whatever reason, it's child's play to starve it of ad revenue. Just point your proxies my site's ads and make them click. The ad network will see the click-through ratio skyrocket, and instantly conclude I'm attemtping to defraud them. My account gets suspended. The site is starved of ad revenue, and possibly blacklisted so I can't just move to another network.
For years I've worried about this more than I do about DDoS attacks, wondering how long it would be before the kiddies take to this kind of attack. So far they haven't.
If I'm actually looking to buy something, and I see an ad that is *relevant*, sure I'll click on it. We advertise heavily on AdWords ourselves and get a phenomenal amount of traffic on them, with click-throughs over 25% on certain keyword combinations.
"Sex-crazed underage lesbians?"
Don't get me wrong, I think that Google's ad system is the best thing since sliced bread, but 25% for any terms that I can think of seems absurd. Even if you simply inserted part numbers for products you sold (eg "AZR-3120"), you'd still run into people just searching for data on those parts.
May we never see th
The first line from the linked page (that does not seem to load in non glacial units of time measure) at miamiherald.com is that the article was picked up on the wire from a San Jose Mercury (arguably the best tech-sensitive newspaper around) story?
/.
It's not like the Merc isn't used to getting a bazillion referred hits from
I like the Carlin quote, but Google's ads are not the typical annoying pop-ups--they're text-only, unobtrusive, clearly separated from non-paid search results, and as a consequence of these things, they're some of the most effective ads left on the 'net. That's in terms of click-throughs, conversions into sales for the advertiser, and revenue for Google. Seeing as how the Internet briefly thrived on advertising commissions until the ads became so ineffective that nobody would pay for them, any method that promises to return the value to online advertising holds the potential to bring back the .com boom in a more sustainable (and sensible) way. Google does this by seeing the value that ads can provide to the advertisee; sometimes, especially when looking for a place to buy something, Google's paid results are more relevant than the normal PageRank-based ones. Anything that threatens Google's ability to deliver good value both for the advertiser's money and the customer's time threatens, at least in principle, all that this new model promises for the Internet economy.
In practice, of course, I'm sure Google's brilliant engineers can find a workaround and start another technology race with the spammers. Whether or not they stay ahead, they'll surely keep their collective head above water--or we'll see a new business model arise out of Google's ashes, and eventually one of these models will just have to work.
I found the meaning of life the other day, but I had write-only access.
I think it was Carlin that said, "Think of how dumb the average person is... Half the people are dumber than that guy." Scary.
Carlin is almost certainly wrong. He is only correct if the following points are true:
* he's using the uncommon "median" definition of average (if he was using the more common "mean" definition, it would be extremely unlikely that he was correct, since there would have to be a distribution that splits exactly halfway at the mean intelligence point).
* There are not an odd number of people. If there are an odd number of people, fewer than half of the people out there are necessarily on either side of the median.
* Whatever metric Carlin is using for intelligence does not rate the two people used in calculating the mean to determine the median value as having the same degree of intelligence. If he is using something as roughly grained as an IQ score, for instance, he would certainly be wrong. (If he were, a number of people that would have been to one side of the median would be equally dumb as the median value, preventing half of the people out there from being dumber).
May we never see th
The Secret Service? Aren't they supposed to look after the presidents (present & past)?
Why wouldn't this be an FBI case?
WURD!!
That 25% is only on a few very specific search phrases, but we honestly do get that high on those phrases. The reason is that for those phrases we are more relevant than the actual search results *in our geographic area*.
We get 10%+ click-through on the most completely generic term for the site. It could possibly be higher, but we also rank first in the normal search results for that term, if you limit your search to one particular country or use the country name as part of the search. Being able to limit AdWords to individual countries is one of the great things about Google - Overture isn't half as good in this regard.
Our *average* click-through over all phrases is much lower, at 3%, largely because with a lot of the other product words we use, people *would* be just searching for information on the product, rather than with a view to purchase. We could raise the click-through by only displaying ad if the search term included words such as 'buy', 'purchase', etc. but 3% is well above Google's cut-off and we aren't paying for the extra impressions, only the clicks, so this suits us fine. We still rank first on most of these search terms (e.g. competing AdWords are seen as less relevant).
... besides the bad music, there is nothing incorrect about this in general, p. ex., if you own a CD-version of the song, you have the right to do it. ;-)
At least in my jurisdiction...
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Maybe you'll have to verify your humanity any time you want to search for something.
Or maybe advertisers will quit trying to quantify per-view or per-link and just pay (or be charged) a flat fee for a time-period run, something more similar to how things work on TV and radio. Rather than making an ad on the web accountable in ways that no other media is required, why not just assume it's getting you market-awareness and presence?
Karma: Excellent, but still won't get you laid.
Interesting..and from reading this article, it does seem the guy was guilty of fraud, etc.
But, I'm wondering...if someone wants to do this, with no motive for profit or fraud....would it in fact be illegal at all? I don't know of any laws out there that make it illegal to use a program to cruise through sites, and make 'clicks' along the way......
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
uh.... Commander? Don't you mean the ad-posters (link targets) pay Google?
[this sig has been trunca
There is a reason you set your maximum spend budget in the adwords settings before you go live.
Yes, and then that budget is busted after a few minutes, and no one actually *sees* your ad.
Don't you wish your girlfriend was a geek like me?
was I able to make a little over $5 with only 3 clicks on the ads I'm displaying. I used Commission Junction for about a year and racked in 70,000+ impressions with about 7000 click thrus. Didn't make a penny. That's why I went to a subscription based web-site. After a review not too long ago I decided to cut down the number of sections that require a pass. Those major sections that don't require a pass now have Google Ads.
The rate variance is why Google doesn't tell you how much a click is worth. It varies from a few cents to a few dollars and possibly more depending on the ad. I run a programming site so I get some expensive programming ads.
Google is being incredibly generous with their AdSense program and I would hope Google would be able to find a way to take out the idiots who try to abuse it rather than cripple the program.
At the start all ad programs paid decently for click-thrus but morons abused it and morons ran the programs so they couldn't deal with it. Or they simply decided they could make more money if they went pay per sale since the advertisers would get the same amount (or more since web-sites got desperite and would flood visiters) of exposure for a lot less money.
It's an absolutly retarded program from a publisher's view. You basically have to sell the ad. You have to dedicate the page the ad is on to the ad so that people will buy what the ad is selling. The standard is about a 1.0% click-thru rate. And of those you now have a fraction of a percent that will compulsive buy. I had one text ad with Commission Junction that did a 10% click thru rate. But I would only get paid if someone bought the book right then. Nobody did so I never got paid. But the seller got lots of free publicity.
One major game development web-site I know has basically signed up for every ad program on the planet and then ran it through their custom script that selects which program to display an ad from to the visitor. I noticed they have Google Adsense worked into the mix as well. I have to wonder how much that stupid monkey and other flashing banners are worth that they don't just stick with Google and dump the rest of the ad systems.
Ben
Work Safe Porn
.. an old joke: ;-)
- Hey, missy, either you give me all your money or I will use this water pistol to wash away all of your makeup!
Tigers respect lions, elephants and hippos. Maggots respect no one. (C) S. Dovlatov
Posting anonymously because I should :)
:)
:).
Anyone remember those annoying click competitions that were popular last year? Someone sends you a link, you click on it, and you added one thug to thier gang or one prostitute to thier harem or something. The strongest gang/pimp/whatever at the end of the month wins a ps2 or other prize. Well, being the perl monk I am, I decided to help a friend of mine win himself a ps2.
First step was to get a list of proxies. Not too hard there. I remember 10-15 websites that listed anywhere from 100 to 2000 open web proxies each. I wrote a quick perl script to scrape the page for the host and port (was a nice script, even worked inside tables) and write them to a file. I has a second script that actually tested those proxies. I ended up with around 5000 working proxy servers.
The next step was to write a script to attach to the proxy, click the link, follow the redirect, load all images, and verify that everything worked. I love pthreads
Every day I'd run that script and he'd get another 5k thugs. He actually won 3 months in a row. I think he got a ps2, GBA, and a $200 amazon.com gift certificate (which he promptly gave to yours truly
Anyway, the point of this is that its not too tough to use proxies to defraud pay-per-click stuff. You can use it to your benefit to earn yourself some fradulent $. You can use it to your benefit to cost your competitors $ (via pay-per-click adwords). Or you can use it to vote in online polls (Ever wonder how those votes on MTV change drasticaly in the last few minutes? Thank Larry Wall!)
(Score -2, VB Programming)
How could the guy expect Google to pay him not to run his program if he couldn't guarantee that someone else wouldn't come up with a similar program? Forget law and morals; he had nothing useful to sell to Google. Their money would be better spent finding and fixing any security holes.
-Rich
No, that would be offering Google an oppertunity at the product that bests theirs. Whereas this is a case of 'pay me money to shut me up or I'll cause your ad revenue to plummit and your results to be invalid.'
The first is legal, whereas the second isn't.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
get thousands of proxies.
use a nifty program like curl and randomize useragents/proxies etc.
query google as you go and get the ads.
click-bomb off your competetive advertisers first thing in the morning to blow away their daily limits for advertising.
watch your five cent per click ad be number one!
easy..
anime+manga together at last.. in real time.
"Right now, somewhere in this world, Scott Baio is plowing a woman he doesn't love," - Peter Griffin, *Family Guy*
I thought that too...it seems like people are *really* starting to go after Google.
*Puts on tinfoil hat*
Maybe Microsoft is covertly sending money to these people, in an attempt to make Google look bad now, since they:
-Didn't give in to SCO's demands for protection money^H^H^H^H^H^H^H^H licensing fees.
-Is MS's biggest online competitor for search engines
-Sees Google as the Linux of search engines (quick, clean, easy, no popups/annoying ads etc)
Maybe I'm just parinoid, but perhaps Bill's throwing money multiple directions at once.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
That is the first dead milkmen sig I have seen, and I have been reading /. since '98. Yay!
The House Between - Original Sci-Fi Series
I have always wondered if a technique such as this could be used to fight Spam. For example, the mortgage lending spammers supposedly receive referral fees from the mortagage companies. If you reverse-spammed the spammers' web sites with bogus leads wouldn't this cause the spammers' customers to pay exorbitant bills and/or dilute the value of the Spam referalls to such an extent that spamming would no longer be a viable business?
There's a few gangs based in Eastern Europe that are using Windows machines infected with viruses/worms to DDoS gambling sites unless $5,000/month in protection money is paid up.
And let's not forget SCO...
It amazes me the number of people that talk about IP spoofing. All their wild theories can be shot down by asking "What happens when you send out thatfirst packet and it comes back to confirm it?"
TCP spoofing is quite possible. It's just difficult, and has become progressively more difficult.
Say we have just the idea of a basic handshake (without worrying about the way TCP works for a moment). Host A sends a packet to Host C purporting to come from Host B. Host C sends a packet to Host B saying "you really want to open this connection?". Host A waits a short period of time, then sends another packet to Host C claiming to be from Host B saying "yup, open it". Handshake completed.
Now, in TCP world, there are a couple of complications. First, Host B is supposed to respond back when it gets the "do you want to open this packet" question from Host C with a "Nope, blow away the connection" response. So, just for starters, Host B has to be unresponsive. That means that it might be a good idea for Host C to compromise a bunch of hosts and flood Host B starting sometime before sending that first forged packet to Host A. This bumps Host B's packet loss rate up to, say, 90%. That means that there's an awfully good chance that the "Do you want to connect" message never gets through to B...all C has is the forged response from A, so it considers the response valid and opens the connection.
Then we have sequence numbers. TCP uses sequence numbers to ensure that packets don't get lost or out of order. A's bogus response to C has to have a sequence number based on the number that A included in its "do you want to connect" message to B. The traditional way to get around this was to have C try to open a (non-forged) connection to A. A's response contains a sequence number. C ignores this response, and when A sends out its first packet to B, as long as nobody else has opened any connections in the interim, it uses a starting sequence number that is, say, one greater than the previous starting sequence number. At least, there is some form of correlation that C can use to determine the sequence number being sent to B that will allow it to forge a packet with a valid sequence number.
Most modern machines, to avoid exactly this sort of attack, generate an "unpredictable" number. However, since entropy (I guess you'd call entropy "stored unpredictability" -- data based entirely on unpredictable events from outside the computer's operating environment) comes in at a pretty limited rate in a typical machine, machines tend to just mangle some data in a hard-to-predict manner and use it to derive a starting sequence number for the next connection. Ideally, this sequence number cannot be predicted by host A -- in reality, it's possible that host A might manage to do so, if controlled by someone that's figured out a way to predict the output of the algorithm being used by host C.
If the A and C machines are both on a fast network (a business or university, say), it might even be possible to forge a connection through brute-force guessing of the next sequence number.
So, spoofing a TCP connection is difficult, but feasible. TCP is definitely not considered to be secure as a cryptographer would consider something to be secure.
So it's a good move to avoid using IP-based authentication.
May we never see th
You're too late. The Slashdot editors already wrote one of those a long time ago and called it michael.
perhaps its a language thing
if would set the spend to 30 dollars and see how it goes.
I got the idea that the parent suggested run-away unbound spending
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Did any of you ACTUALLY made any money?, I mean not only virtually in your account, but actually received a check at your house? Thanks
__
Sig: Marine Stock Photos
Yes, but what's stopping people for clicking the ad anyway, even if they already own the product? It doesn't cost them anything to check the price and see if they got a good deal, see if the page has any links to the data they're after, etc.
The advertiser might not get a sale, but they increase brand awareness.
'Thats they exact same thing a banana wrench monkey.'
Unless, of course, you externalize by talking back to all of those little voices in there...
"He who throws mud, loses ground." - proverb
Avalanche of pedantic comments on the difference between 'talking' and 'typing' in 3...2...
Caveat Emptor is not a business model.
The parent poster is right.
Read this article for an analysis of the algorithms for generating "Random" numbers for TCP packet sequencing. It's a really interesting read, and knowing this makes it highly feasible to spoof an IP if you know what the machine on the other side of the line is running (for some systems).
Overcaffeinated. Angry geeks.
I remember that, from my broke-college-student days. Everyone used to start up 'move the mouse' scripts and go to sleep, and usually got caught. I figured it probably checked for more involved activity, such as actual Web surfing (clicking on links, and such), so I wrote two different scripts: one to move the mouse in such a way as to sequentially click through a set of Netscape bookmarks at a randomish interval (between 3 ~ 5 minutes IIRC), and another to generate an insanely huge set of Netscape bookmarks (arranged as something like 25 folders with 25 links per folder) by turning it loose on any randomly-chosen list-o-million-links pages and letting it collect all the links. Did this for a few months...start the click script and rake in the $$$ while in class or sleeping. Unfortunately, this was toward the end of AllAdvantage when they began limiting how many hours per month they'd actually pay for, so by the end I was getting checks for...what was it...$12.50 per month I think. Eventually it just went out of business.
.EXE, which did not checksum itself. Just find the <IMG SRC=... tag in the binary, and change the width and height attributes to all zeros. Viola, no more blinky blinky.
.exe, and all), you could change its internal name and window title so that the adbar programs (Cashsurf, EPIPO and whatever else existed at the time) wouldn't detect one another and close down.
Just looking around, I still have the QBASIC script that generated bookmark files. (Yeah yeah, Qbasic and all, but it was semi-ingenious in those days. The script called C:\Windows\ping.exe to verify all the servers, to prevent e.g. "DNS Error" dialog boxes that would interfere with the link-clicking, as well as filter out anything that looked like an ad-link, etc.)
A few other useless-but-interesting facts I'm remembering about these services... AllAdvantage used the IE HTML renderer; it basically just displayed a Web page in its main window. The HTML for this was embedded in the
While you were at it (messing with the
And then of course, there was always WindowsSniper...
Caveat Emptor is not a business model.
Man, you had me going there for a minute, until...
----
Your search - "Sex-crazed underage lesbians" - did not match any documents.
...and it's easier just to sue for search results that match your name.
I totally agree. Answer: because they can. The information is just so juicy, and it's just right there, it's too tempting to ignore.
As long as they don't ignore it, however, we will have scammers like this one.
WWJD? JWRTFA!