One of the main features of fraudulent online traffic is that it is often routed through either a virtual private network (VPN), or a proxy server. That’s not to say all traffic from VPNs or proxies is click fraud, but most click fraud can be traced through these gateways.
In order to be able to block clicks from IP’s that originate from proxy servers or VPN services, let’s first understand what are VPNs and proxy servers are, and what each one of them offers.
Proxy servers
They hide your IP, but you are still not invisible…
“A proxy server is a computer that offers a computer network service to allow clients to make indirect network connections to other network services. A client connects to the proxy server, then requests a connection, file, or other resource available on a different server. The proxy provides the resource either by connecting to the specified server or by serving it from a cache. In some cases, the proxy may alter the client’s request or the server’s response for various purposes.”
Simply put, a proxy server is a computer that is used in the form of a dumb middle man, masking your internet activities in a way that they appear to be originating from somewhere else. However, in most cases proxy servers do not strip your internet transmissions of identifiable information- meaning, there is no additional privacy or security considerations built in it.
Furthermore, proxies are configured on an application by application basis and not computer-wide. This means only one application at a time (your web browser or your BitTorrent client for example) can be configured for use with a proxy server.
This configuration is great when you want to perform a low-stake task such as reaching a simple region-restricted content (Youtube/Netflix anyone?) or bypassing IP-based restrictions on services.
There are three general tiers of proxies available today:
VPNs
Your connection is encrypted and you become much harder to track and identify…
VPNs (Virtual Private Networks), in a similar fashion to proxies, make your internet activity appear as if it is originating from a far away location. But that’s where the similarities pretty much end.
First off, unlike proxies, VPNs are configured to be set up at the operating system level. Moreover, the VPN connection uses the full network connection of the device it is configured on.
Also, the connection between the user’s device to the VPN server is done via a heavily encrypted tunnel. That is why VPNs are considered superior when it comes down to performing high-stakes tasks, where privacy or higher security is a concern.
But, running a VPN is not without its downsides. While you might be increasing your anonymity rate substantially through whole connection encryption, your computing power will pay the price. Running this type of service requires good hardware to be able to sustain the strain on your processing power and bandwidth from the VPN network. Furthermore, good VPN services are usually not free and you might be required to pay a certain monthly sum for these services.
Some prime examples are Hidemyass, StrongVPN and ExpressVPN.
Comparison Time! (TL;DR)
Identifying and understanding VPN Click Fraud.
Nowadays, whenever an IP is blocked in the Google Adwords or Bing ads platforms, what essentially happens is that the advertiser’s ads become invisible to the attacker. This results in the attacker being unable to click on the advertiser’s ads any longer.
However, by employing a proxy server or by using a VPN, the attacker can rapidly change his IP address and click on the advertiser’s ads again and again. This is VPN click fraud.
So how does ClickCease combat this type of fraud?
This attainable anonymity poses a considerable challenge when it comes to combating this type of fraud.
However, here at ClickCease we have developed several solutions to deal with proxy servers and VPNs.
We have accumulated and compiled a large amount of data regarding known repeating offenders into blacklists which we use as the first tier of protection against fraudsters who use proxy servers and VPNs.
Secondly, alongside these blacklists, we allow our clients to determine their click threshold which basically refers to the max amount of clicks they would allow any one IP to be able to click on their ads before they are automatically blocked by our system.
Thirdly, we have devised a tool that allows our system to tag each individual device used by any IP with a specific and unique ID. This means that even though the fraudster that’s assaulting your ads might be trying to hide his IP by constantly changing it, we are still able to identify that it is indeed the same attacker using the same device. Once we have identified his device as one that is used for fraudulent activity, we are able to block any new IP he uses on its first click.