How Distil Strengthens Advertiser Relationships for Real Good Media by Blocking Non-Human Traffic

December 28, 2016

My name is Andrew Cisek, and I’m the CEO of Real Good Media.

We’re a boutique digital agency with deep expertise in ad operations and traffic management. Clients such as Entrepreneur, Heavy, Sony Pictures Entertainment, and Dailymotion depend on us to understand the shifting landscape of media buying, which increasingly includes bot and adware / malware detection.

I recently received a notice from one of my customer’s advertisers alleging suspicious clicks. Below is the true story of how I resolved this digital ad fraud notice using Distil Networks.

It all started with suspicious clicks

I recently received an email from an advertiser for one of my customer’s sites telling me that their digital ad fraud auditing firm was seeing a large number of suspicious clicks coming from unexpected places. The email also notified us that they were commencing an in-depth review of the account and associated traffic and logs. In addition to wanting our own assessment of the traffic related to their account, they also requested view-only access to our analytics, and that we remove all their tags from our sites during the course of the investigation. As you can imagine, this was rather worrying, as this advertiser contributes a significant amount of revenues for my customer.

We did as they asked, and assured them that all traffic is filtered through Distil Networks, aggressively blocking non-human traffic. And because of our relationship with Distil, we were able to provide them with a significant amount of drill-down information as to what was happening with their traffic.

How Distil reports helped save the day

I’ve reproduced a few of the reports we were able to supply to the advertiser below, with the account name blocked out for reasons of privacy and confidentiality:

Seven-day traffic overview

distil bot protection dashboard

Threats by organization

The next screenshot shows exactly who was blocked from coming to the site, starting with our basic policy of blocking 100% of traffic coming from virtual private servers. We were also able to reassure them that we had worked with Distil to specifically block traffic from Amazon, Colocrossing, Google Cloud, and Microsoft Azure – which meant that any bad guys spinning up bot servers on public cloud platforms would not be able to throw brute force or other account-cracking attacks at our clients.

example of a distil networks report blocking bots from virtual private servers

And here’s a one-day snapshot of threats by organization:

example of a distil networks bot clocking report sorted by the organizations

Note in particular the highlight on the first entry, Nobis Technology. This is a data center that probably cycles through tens of thousands of IP addresses; using Distil’s service has enabled us to block over 3.6 million IP addresses every day.

Trap analysis

This screen identifies the threats that are blocked, as well as who they’re coming from. This particular illustration is a seven-day snapshot, but we could have picked any date or date range, which helps us to show how patterns develop over time (behavior patterns are a key part of how Distil distinguishes good bot traffic from bad). The filtered IP tab is also open here to show exactly what and who has been blocked.

example of a distil networks report identifying bad bots

Audit log

This screen is specific to the advertiser’s placement within their DFP account and makes it very easy to see exactly what attempts were blocked by Distil.

example of a distil bot protection report broken down by requests

User Captcha

If we find that a user – human or not – has gone down through a certain number of pages, we insert a CAPTCHA into the user journey. Yes, it’s a risk to do this – most users really don’t like CAPTCHAs – but click integrity is so important to Real Good Media's customers that we think it’s a risk worth taking. The text on the screen is customizable, so it’s relatively easy for us to tune the message to the tolerance levels and expectations of genuine human users.

Blocking Integral Ad Science (IAS), DoubleVerify, Forensiq, and Media Trust

We also block Integral Ad Science (IAS), DoubleVerify, Forensiq, and Mediatrust. We don’t subscribe to their services, so they have no need to ping our sites. While this can cause problems of “unknown traffic” reports, it’s another calculated risk that my customer was prepared to take. And we try to block as much IE traffic as possible, because that’s the platform most bots use. But we can’t block everything – IE still has plenty of legitimate users, and their needs must also be respected.

distil captcha protection page

Reduced bot traffic to less than 3%

Anyone who’s spent any time in the information security space knows that there is no silver bullet, and 100% security is simply not feasible (unless you never turn on your device or connect to the internet!). We still see a small amount of bot traffic, mostly in the sub 3% range – which is pretty good when you consider that most commercial websites see more than 60% non-human traffic.

Advertiser had “never seen such in-depth reporting”

Trust is critical to our customer’s business, and Distil has enabled us to prove to this advertiser that we’re more than worthy of their trust. By nearly eliminating non-human traffic, Distil Networks has ensured that the ad interactions across my customer’s site is high quality and human. The advertiser that filed the fraud inquiry said they’d never seen such in-depth reporting and needless to say, they remain a happy advertiser to this day.

Want to hear more about my perspective on battling NHT, together with industry luminaries from 614 Group, Hulu and IPG Media Brands? Watch the video: The 2017 State of Digital Publisher’s Fight Against NHT.

Previous Article
2017 Resolutions for IT Security Executives and the Biggest Threats Facing Companies This Year
2017 Resolutions for IT Security Executives and the Biggest Threats Facing Companies This Year

We asked 10 industry analysts and reporters their top security resolution for IT security executives, as we...

Next Article
Why Bot Blocking Makes Sense for Publishers
Why Bot Blocking Makes Sense for Publishers

With advanced bots, publishers cannot fully normal users from non-human traffic and are losing out on reven...