If it's not one thing, it's another. Thanks for the heads up, skaterpunk.

thanks for the heads up

The scammers keep on ... my most recent was an offer from Bill Gates to get $1M because my website was "exceptional". :)

This one is different in being strong arm tactics and the assumption (pretty logical) that the webmaster uses adsense.

Sharing the scams makes all of us that much safer!

This is the kind of things which are more and more frequent, and it will continue to increase with the time.

It's not a new scam, but all of the recent coverage is probably going to result in it being a more common one. I've written about this on the OKO blog today if anyone is concerned.

There are also variants, where guys claim they'll fill copyright infringements to take down a Youtube channel for example. They can also menace you of DDos, or all kind of abuse report. We have to live with this. Hopefully, the more it will be spread, the more platforms will be able to detect them. Then one day, crypto currencies will be taken down..

Most people don't seem to realize this is actually serious. There are very large networks of bots in USA data centers that can do just that. In addition to that, google doesn't communicate much with the publishers, they just lock your account and that is is. So it makes perfect scenario for these crooks to do this.

On the other hand, maybe Google will do something about their stupid automated actions, recently they disabled adsense on one of my domains because someone sent a "copyright" claim, on a page that could not possibly have anything to do with copyright, they lifted the claim days after my counter report, but still caused me to lose money.

IMHO it should be illegal for companies to operate like this, affecting huge amount of users / clients without even be able to contact the company, Google, Amazon (AWS), etc.

I got my ads limited last month for invalid traffic because there was an uptick in bot traffic originating from Singapore, Hong Kong and China. If not for cloudflare I wouldn't have known that I am under such attack as analytics is basically useless in detecting these kinds of traffic. This is very serious because it indeed work, I only wish google will be nice enough to give us some ample time to address the issue like I did with my site either way my ads are limited for god knows when it will be back to normal, waiting and losing 80-90% of your daily ad revenue is no fun.

View your logs and take proactive action. Nuke the bots, and their ranges, and don't let up. This is a task done at LEAST once weekly, if not daily.

Only YOU can prevent bot activity (paraphrasing a rather famous bear)...

Yup I did all that and address the issue the same day and block these bots ip ranges, either way your site will still be flagged and your ads will still be limited.

the same day and block these bots ip

Be proactive, like @tangor said.

- block IP ranges of hosting companies,
- block IP from countries your site is not targetting. For example, if your site has nothing to do with China, Russia, etc... simply block their IP,
- block requests with malformed or missing headers,
- block IP if they are making a given threshold of hits within a given time,
- etc...

If you don't want to block, because you worry to loose legitimate visitors, you can display a captcha-like challenge.

My biggest value/result has been dealing with country ranges. Especially those I do not do business with. Also known bad actor nation/states. YMMV, and your country lists might be different than mine.

Bots masquerade as humans and one really has to stay on top. This is WORK of the least entertaining sort, but if you are doing g's ad machine for income it is the only game to play.

Spend time in the Spider Identification forum at WW ... boggles the mind: [webmasterworld.com...]

Good luck!

Ask yourselves a few questions:

How do they know which email address to use to send a Demand message to?

Is it in public domain/whois, same as you domain registration email, same as your Dunk-in-Do-nots App email?

Can You change above to an Alias and only receive AdSense related to that AdSense Alias?

Can You also receive specific messages to Aliases that are generated from proper senders to a proper Aliaseseses registered with sender/domain only?

Your PUBID is pub-1234567891234567? - deep.

My House 
My Rules 
My Coffee

---p.s.-----
IncrediBILL, RIP, used to push for server-side AdSense Ads for ages.

The lovely thingy with Aliaseseses, they don't have any passwords. And on an email server one sets up a forward rule for an Elias to a real email address only if it comes from a proper ad-dresser.

So one can do a Chuck Norris thingy at this point: Chuck Norris never sleeps, He waits!..

Tell me something new, this type of scam happens all the time (for years). Specially if you are actively using this ad company.

A simple way for scammers is narrow a search for websites using the service and look for the admin email. After that send a email or perform the denial/clicking.

It is not just this ad company. I know it is all over the place.

Adobe got hacked almost a decade ago. At that point many of my faves & I worked at large 'Corps', subscribing as developers(using our own addresses) for updates for new versions of products. We still do.

It is all about the Vector. Nuke it and then wait^ 6 month :).

I got my ads limited last month for invalid traffic because there was an uptick in bot traffic originating from Singapore, Hong Kong and China.

Over about the past month there is massive bot net affecting a lot of phpBB sites, don't know if they hitting other applications. Started with Chinese IP's and then moved to Singapore and HK. It's enough if you're on shared hosting the hosts were shutting the sites down. I'm proxied through Cloudflare and that was last straw for me. Couple of clicks later and all traffic from those countries now gets a JS challenge. If it gets abusive again next step is outright blocking them. As added benefit I have killed off a lot of forum spammers.

When I read things like this I feel like "challenge accepted" because I know my htaccess is secure and my pages fast and my use of out of the box software non-existant.

btw: NEVER respond to what you think is a scammer,

JS_Harris that doesn't protect you against someone that wants to click on your ads using a large botnet, to lock your account, no ?

You deal with bots for the same reason you deal with dogs running loose in the neighborhood. Each and every one. The owners have proven they don't manage their bots with care and consideration so you have to do what you have to do:

Locate the running dogs and impound them, or terminate with prejudice if they are vicious and attack. (click your ads!)

</dark humor with metaphors involved!>

Everyone should be using cloudflare (it’s free!)

And also CSF firewall - if you don’t mind paying for it - I also recommend imunify360, which is a firewall and security software for your server which auto-updates lists of bad IPs of bots, etc to keep your server safe.

+1 for cloudflare. They have an option called "bot fight" which increases bot protection and is also available on the free plan.

-- Everyone --
but what fun is that at 4 am?