Preventing Click Fraud

[Simon]

I'm half way through a link / click tracking script. I have put some basic features in place to prevent the logging of invalid clicks (ie. ones not from a real user, or ones from a user trying to get around the system):

• only 1 click per IP per 24 hours logged - first general level of filtering
• useragent check against spider list - to filter out logging from most bots
• link targerts - only clicks from specified referer domains are logged

These are some general filters I'm happy with, but I'd also like to implement a scoring system based on RBL or something like that. So when a click is made, the IP is checked against a proxy list, and if matched, a warning is logged. If this happens too often, the offending clicks are struck off.

I found a simple php function that checks against SORBS.net (although the urls seem out dated now), as well as an article on PHPpot (honey trap for bots).

Code:

function check_rbl() {
    $rbls = array('http.dnsbl.sorbs.net', 'misc.dnsbl.sorbs.net');
    $remote = $_SERVER['REMOTE_ADDR'];
    if(preg_match("/([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/", $remote, $matches)) {
        foreach ($rbls as $rbl) {
            $rblhost = $matches[4] . "." . $matches[3] . "." . $matches[2] . "." . $matches[1] . "." . $rbl;
            $resolved = gethostbyname($rblhost);
            if ($resolved != $rblhost) {
                return true;
            }
        }
    }
    return false;
}

Does anyone have any experience in this area; how best to approach a scoring system for invalid clicks, and the best methods to use?