If you've been following my tale of Google AdSense woe, you know that just under a month ago, Google disabled my AdSense account for no apparent reason. I didn't even notice for four days, as I was traveling at the time and buried in the midst of a major network core restructuring project, but when I did notice, I filled out their dispute form. Several weeks later, I was notified that my appeal was denied, and I was still persona non grata. I filled out another dispute form following that rejection, but had resigned myself to a lifetime bereft of the opportunity to use Google's AdSense service, since they apparently have a one-strike and you're out policy.
So imagine my surprise when I received this today:
After thoroughly re-reviewing your AdSense account, we've decided to reinstate your account. However, there will be a delay before ads start running on your website, as it may take up to 48 hours before all of our servers are informed of the change.
We've also applied a credit of $45.40 to your earnings for this month, reflecting your valid earnings prior to the account disabling. You'll be able to see your finalized earnings for this month when they're posted to your account's Payment History page during the first week of next month. [...]
Apparently, I'm now back in Google's good graces, and they've even seen fit to replace the (admittedly small) balance in my AdSense account. Sometimes, justice does prevail.
After this fiasco, I'm wondering what I can do to not run afoul of Google's fraud detection again. I'm still completely in the dark as to why this happened in the first place, so I'm not really sure how to prevent an unknown event from occurring again, but I'm thinking about adding some code to my sites to prevent the Google ads from appearing if I'm either logged into the site or visiting the site from my normal external IP address. This will obviously add some overhead to the sites, but if it provides some protection against having my account disabled again, it may be worth it.
This trip to the darker side of Google has certainly been educational. I'd never given much thought to how Google deals with click fraud in the past, but it's definitely been on my mind the past month, and it does seem to be a significant challenge. I'm guessing that Google flags large numbers of ad clicks from a single IP address or range of IPs within the same subnet, and compares them against other actions from that IP, such as logging into a Google account, be that a Google Analytics, GMail, or AdSense account. It may possibly geolocate the offending IPs and compare them to the geolocation of a known IP that has logged into the Google AdSense account in the past, and then punts to a human to make the final determination. This process would certainly not be foolproof, especially with superproxies, tor, open proxies on the Internet, and the myriad other ways that IP addresses can be masked, but those problems would seem to pale in comparison to those introduced by malware, or over-eager legitimate software, like the AVG pre-clicking debacle I discussed earlier this week.
I wonder what chaos might ensue if a virus or piece of malware bent on "clicking" every Google ad it sees became prevalent. I suppose that dealing with those problems is part of the cost to be the boss. If my adventures are any indication, it's certain that Google is quite vigilant in protecting their advertisers -- indeed, perhaps a little overzealous.