There are many tools and techniques that a business can use to combat the threat of ad fraud. However, not all of these tools are equally effective. In fact, some techniques that businesses have used to fight fraud have proven to have severe negative side effects that cause harm to the business using them (or prove ineffective in their entirety).
One example of an obsolete anti-fraud strategy that may do more harm than good is IP address blocking (or just IP blocking for short). In this article, we’ll talk a bit about what IP blocking is, how it works, and why you really shouldn’t rely on it as a primary ad fraud prevention tool.
What Is IP Blocking?
IP blocking is pretty much what it sounds like—the act of restricting traffic from a specified internet protocol (IP) address from accessing your network (or specific apps and devices in it).
You could also define it as an old cybersecurity tool that was (and still is, from time to time) used to stop brute-force cyberattacks. For example, an old type of DDoS attack that routes all of its traffic from a single server might be stopped by using IP blocking.
Techopedia notes that IP address blocking is used to prevent “a connection between a specific or group of IP addresses and a mail, web, or Internet server.”
A Bit of Background on IP Addresses
Before getting into how IP address blocking works, it’s important to know how IP addresses work. In most cases, IP addresses are automatically set by a person’s internet service provider (ISP) when they connect their device to the internet.
First, the device connects to the user’s local network. Then, the device uses that network’s connection to the larger internet via its ISP. The ISP routes it back to the user via their assigned IP address.
IP addresses may change from time to time, with or without the user’s knowledge. As noted by Kaspersky: “turning your modem or router on or off can change it. Or you can contact your ISP, and they can change it for you.”
Also, when someone is accessing the internet from a new network or a mobile connection, their IP address will be different from what it is on their home or workplace office connection.
Additionally, IP addresses can fall into several distinct categories:
- Private IP Addresses. IP addresses are created by the router to provide a unique identifier for each device on the network.
- Public IP Addresses. The overall IP address for the whole of the network (whether home or office). This is used by external devices to recognize the network as a whole.
- Dynamic IP Addresses. Public IP addresses that change frequently and automatically as needed.
- Static IP Addresses. Public IP addresses that remain the same unless a change is specifically requested. Often used by businesses that run a server or website so other machines don’t have to try to "track" them down over and over again through the internet.
How IP Blocking Works
A website host can track the IP address information of all the visitors to the website. Under normal circumstances, this can be used to see which users have visited which pages, verify geolocation data against the IP address, or track other activity (especially when supplemented with cookies on the user’s web browser).
However, a web host can also add IP addresses to a ban list (i.e. a blacklist). Any connection coming from an IP address on the blacklist is automatically rejected. This usually results in a “connection denied” or similar error message for the blocked device’s user.
Whitelisting, or the practice of only allowing pre-approved IP addresses to connect to your website, is a wholly unrealistic option for any company that wants to bring in new customers via online campaigns. This is because you’d have to add each new contact to the whitelist before you could have them fill out forms on your website.
Why You Shouldn’t Rely on IP Blocking for Stopping Ad Fraud
The question is this: “Is IP blocking effective?”
IP blocking might sound like a really useful tool for stopping the bad guys. For example, if you could identify the IP address behind a phony form submission, blocking it would keep other bots or human fraudsters behind that IP address from submitting fake leads, right?
Well, not necessarily. Even if it did stop that fraudster, you might end up causing a variety of other problems, too.
Here are a few reasons why you should avoid using IP blocking as your primary ad fraud solution:
1. You Might Block More Than Just the Fraudster
One of the problems with trying to block an IP address is that you might block more than just the fraudster. A public IP address covers all of the devices connected to that network.
So, if a fraudster were operating from a network shared by many other users—like a business office, college dorm, or a home, for example—blocking their IP address might block every legitimate user on that network, too.
Worse yet, the owner of the device that you’re trying to block might not even be aware of the fraud being committed! Many fraudsters leverage giant botnets of compromised devices to carry out their ad fraud schemes. These bot programs will, without the device owner’s knowledge, fill out forms and make clicks to generate ad revenue for the botmaster. So, blocking the IP address for the “source” device means locking out that unsuspecting potential customer.
Also, what if the IP address belongs to a massive shared resource—such as a cell phone tower? Blocking that IP address might cut you off from thousands or tens of thousands of potential customers all at once!
Finally, many networks use dynamic IP addresses—meaning that the address will change from time to time. So, when an ISP customer gets assigned a new IP address that you previously blocked, they’ll receive an error message any time they try to connect to your site. This prevents them from even being able to view your site when they want to.
In short, using IP blocking can result in you throwing out the proverbial baby with the bathwater.
2. IP Blocking Won’t Even Slow Down a Sophisticated Fraudster
Another problem with IP address blocking is that it won’t really work well on a modern-day fraudster. Back in the nineties, IP blocking was sometimes effective because fraudster tactics hadn’t really evolved much—brute force attacks were frequently done on a single machine, server, or a group of servers in a data center. So, blocking the offending IP address could work well.
Botnets and zombie bot programs changed all of that, however. Modern fraudsters now use pre-built botnets comprising hundreds of machines with different IP addresses (or release their own zombie bot programs into the wild to compromise countless machines on their own). This means that the fraudster will have access to hundreds, if not thousands, of unique IP addresses that you would have to block.
The problem here is that you can only block so many IP addresses at once. For example, Yahoo’s Small Business Merchant Solutions tool allows users to block a maximum of 150 IP addresses or IP address ranges (groups of related IP addresses). Meanwhile, the limit for a Google ad campaign is 500 IP address exclusions.
If you’re submitting each block request one IP address at a time, you will run out of slots to exclude very quickly. Considering that a botnet can consist of thousands of bots, you may run out of slots for exclusions in your ad campaign well before the fraudster runs out of IP addresses.
This issue alone can make IP blocking a worthless, almost token, gesture when it comes to fighting ad fraud.
3. Because of VPN Users
Many modern internet users want to protect their privacy as much as possible online. To this end, they often use virtual private networks (VPNs). Under this service, users connect to the VPN’s servers first before reaching out to other web addresses to hide their IP addresses.
So, instead of seeing the actual public IP address of the VPN user, you see the VPN’s IP address. With thousands of people using VPNs on a daily basis, blocking one bad actor using a VPN may mean cutting off all of the legitimate traffic and leads that use that same VPN.
Why Ad Fraud Solutions Are a Better Alternative
Does IP blocking work at all? The truth is that IP blocking isn’t all bad. There are some situations where it might be useful—if only to temporarily stop the submission of fake leads while you work to cut off the source of the problem. However, it isn’t really suitable as a standalone solution to ad fraud.
To really put a stop to ad fraud, you need a dedicated ad fraud solution that can analyze traffic in real-time, flag it as either safe or fraud accurately, and give you the data needed to confront the fraudster and stop payments to them.
If all you do is block IP addresses, the fraudster will keep trying with different addresses until you run out of blocks for the ad campaign. But, by identifying the fraudster and cutting off payments, you cut off their reason to keep trying.
Remember: their goal is to make money as quickly and easily as possible. To hit them where it hurts, you need to go after their wallet. Once they realize they’ve been cut off and that they can’t win a claim for “services rendered,” odds are good that they’ll move on to their next target (probably while operating under a different alias).
Are you ready to stop ad fraud and hit the fraudsters where they’ll actually feel it? Reach out to Anura today to get started!