(Digit November 2007 Issue)
India's leading technology magazine DIGIT, has had in its November 2007 issue, a serious look at what one Indian security analyst claims is a flaw in Googleâ€™s AdSense. A Indian named, Manish Arora has found a way to cheat adsense and make thousands of US$ quickly. His claim has been verified by DIGITians and when they reported it to Google, they doesn't seem to take it seriously. This has endangered the interests of adwords users. Is google working on the fix or is it something they doesn't care about or is it the way they make money themself? Only time will tell this. Now the question is what he exactly did and the even more interesting how he did it?
What he did?
He had gone through number of articles/reports on Pay Per Click mechanism including the report of Dr. Tuzhilin (Professor of Information Systems at the Stern School of Business at New York University), who evaluated Googleâ€™s invalid click detection efforts.
After going through all those articles and analyzing Googleâ€™s code he found a way to simulate human behavior in click generation and page impressions in proper (acceptable) ratio from different geographic location (IP address) and was able to credit thousands of dollars in his AdSense account (By not a single human being generated click)
By observing the working of their system he was able to point out how ads are served from their servers and how can he stimulate the process from his own server by a script made by him.
(Here is a screenshot of his adsense account - Click to enlarge it)Manish Arora wrote to Google "I would be glad to provide you the complete mechanism, which will take one hour a day, to produce thousand of dollars a month from adsense. I would like to explain this model to any of your representatives". The Incident Response Lead, Google Security Team replied that "We've investigated your claim. At this point, all we can verify is that our automated systems terminated your accounts, as a result of your trying to inflate the clicks. This is exactly how the system is supposed to work. If you supply us with the code and the technical details of the method you mention, we will investigate further".
Why he did?
He says he did all this to report the flaw to google and hasn't withdrawn any money because his intentions were not bad. As soon as he reported this to google, the account was banned.
Manish Arora has explained how he did it, on his blog.
You can read it here. (The link is not working anymore) Now rumors will continue to spread unless Google speaks something officially related to it. Are you a adsense publisher or you use Adwords for promoting your goods or services? What do you think? Do let me know through your comments.
Update: You can read the removed article here.