lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 2 Aug 2012 10:56:12 +1000
From: "Ivan .Heca" <>
To: full-disclosure <>
Subject: hacking FB Ads

interesting bit of research

“A couple months ago, when we were preparing to launch the new Limited Run,
we started to experiment with Facebook ads. Unfortunately, while testing
their ad system, we noticed some very strange things. Facebook was charging
us for clicks, yet we could only verify about 20% of them actually showing
up on our site. At first, we thought it was our analytics service. We tried
signing up for a handful of other big name companies, and still, we
couldn’t verify more than 15-20% of clicks. So we did what any good
developers would do. We built our own analytic software. Here’s what we
found: on about 80% of the clicks Facebook was charging us for, JavaScript
wasn’t on. And if the person clicking the ad doesn’t have JavaScript, it’s
very difficult for an analytics service to verify the click.

What’s important here is that in all of our years of experience, only about
1-2% of people coming to us have JavaScript disabled, not 80% like these
clicks coming from Facebook. So we did what any good developers would do.
We built a page logger. Any time a page was loaded, we’d keep track of it.
You know what we found? The 80% of clicks we were paying for were from
bots. That’s correct. Bots were loading pages and driving up our
advertising costs.”

Content of type "text/html" skipped

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists