cyveillance.com - 5% of your clicks

Discussion in 'Mail Chat' started by roundabout, Apr 25, 2011.

  1. roundabout

    roundabout VIP

    Joined:
    Feb 17, 2011
    Messages:
    2,713
    Likes Received:
    154
    Trophy Points:
    63
    http://cyveillance.com/
    ...
    So these guys are more than likely clicking 2-5% of your links to check for fraud and other things.

    While I personally admire the goal of these guys, they are literally causing mayhem and anger in the email marketing community, especially for CPC campaigns.

    Time to raise public awareness with these guys.. does anybody have any further info, even a bot click email would be perfect to scan the mx records so we can remove as much of them as possible (for those who agree they have no right to be auto clicking our links)
     
  2. DKPMO

    DKPMO VIP

    Joined:
    Mar 31, 2011
    Messages:
    1,452
    Likes Received:
    68
    Trophy Points:
    48
    Location:
    Elaborate Underground Base
    Which IPs to block / redirect?
     
  3. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,139
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
  4. ThisGuyOverHere

    ThisGuyOverHere VIP

    Joined:
    Apr 14, 2011
    Messages:
    193
    Likes Received:
    5
    Trophy Points:
    0
    Location:
    Banning someones Mom.
    Home Page:
    I've got an older list. I'll try to remember where I sourced it and update it. I'll email you the list I have. I use it via htaccess to redirect a ton of bad traffic before ever hitting my servers.
     
  5. mumaque

    mumaque VIP

    Joined:
    Apr 26, 2011
    Messages:
    27
    Likes Received:
    10
    Trophy Points:
    3
    Location:
    Warsaw
    Don't block them "before hitting servers"! Allow them to try to open your link, register it in your tracking system (in the same way you register clicks, pixel etc.) and tell them kindly to GTFO in form of "500 internal server error", redirect them to disney.com or smth. Now you pull an email address from your tracking system, mark it as blacklisted and never send to it again.
    Interesting thing is, in 90% cases that bots "click" spam button. Before even checking your links. We've found a common pattern:
    send msg. to email address >> several hours later we got FBL from this address >> 20-40min later (in most cases) we see a bot trying to open our link.
    We observe that exact behavior hundreds times. It can't be human being checking that email address. Since bots are not supposed to be interested in our offers and we don't expect to earn any $$ on them - we don't want to send anything to that addresses again - so we block that emails (if they didn't FBLed out already).

    Last weeks we observe that unwanted visits from IPs like:
    38.127.197.91, ~.112, ~.122, ~.123, ~.124 etc, generaly 38.127.197.*
    and
    209.120.218.192, ~.193, ~.197, ~.199 (209.120.218.*)

    bots from 38.127.197.* have always the same user-agent: "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
    and from 209.120.218.* - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

    geoIPs of that adresses are "USA / 20007 / Washington" and "USA / 20850 / Rockville" and they are always coming from nowhere (it means empty referer)

    In some cases there are combined visits from both of the above adresses, for example:
    2011-04-25 18:57:06 >>> SENT msg.
    2011-04-26 07:22:04 [FBL!]
    2011-04-26 07:41:09 [blacklisted IP] 38.127.197.91
    2011-04-26 11:07:54 [blacklisted IP] 209.120.218.211
    2011-04-26 11:07:55 [blacklisted IP] 209.120.218.211
    (above is related to the same email address of course)

    our full blacklist at the moment:

    38.100.41.64/26
    38.105.109.8/29
    38.112.21.0/24
    38.118.42.0/24
    38.127.197.64/26
    63.100.163.0/24
    63.148.99.0/24
    65.118.41.0/24
    65.192.0.0/11
    65.213.208.128/27
    65.222.176.0/24
    65.222.185.0/24
    68.48.24.0/24
    151.173.221.0/24
    207.87.178.0/24
    216.32.64.0/24
    209.120.218.0/24


    Now dive in your logs, tracking data and tell us if you found something interesting :)
     
  6. PushSend

    PushSend VIP

    Joined:
    Apr 12, 2011
    Messages:
    1,927
    Likes Received:
    141
    Trophy Points:
    63
    Location:
    Paradise
    ^^ Now that's a solid post! Thanks mumaque, this is the kind of collaboration and information sharing I hope starts growing in this forum. This could save a LOT of people here some un-needed stress and headaches.
     
  7. DoldGigga

    DoldGigga VIP

    Joined:
    Mar 25, 2011
    Messages:
    698
    Likes Received:
    73
    Trophy Points:
    28
    A simple javascript redirect would probably fix most of your bot problems without actually requiring you to filter them out. This can be accomplished by making your tracking page a blank HTML page with the JS redirect code in the header as a function and this as your body tag: < body onLoad="jsRedirectFunction();" >< /body >
     
  8. DKPMO

    DKPMO VIP

    Joined:
    Mar 31, 2011
    Messages:
    1,452
    Likes Received:
    68
    Trophy Points:
    48
    Location:
    Elaborate Underground Base
    Agreed, but wouldn't it really help to still record and analyze what's going on? Including which clicks redirect via JS and which ones fail to do so.
     
  9. DoldGigga

    DoldGigga VIP

    Joined:
    Mar 25, 2011
    Messages:
    698
    Likes Received:
    73
    Trophy Points:
    28
    You can if you want to, and that's the best way to weed out the bots. This is how to do it:

    1) Your click thru URL (the one included in the email) takes the clicker to the HTML transition page with the javascript redirect.

    2) Rather than tracking with your clickthru URL, your JS redirect would pass the user to a tracking URL to log the click and forward them to the offer landing page.

    It's basically 1 extra step to the process. You can log both clicks to compare "bot" vs "human" click thru's on your drops.

    Some bots do follow javascript but most will not.

    Some clicks that seem to be a bot may also be a spam checker / URL validator that runs automatically, so I don't think you should auto-suppress bot clicks the first time around. Collect some data over time and then remove the users that ONLY result in bot clicks.
     

Share This Page