[dangrossman]

It's an extremely hard problem whether you tackle it in realtime or post-processing. We're talking about being able to separate one group of real people at computers sometimes clicking ads, from another group of real people at computers sometimes clicking ads, where the only difference is the second group has been paid or their computers are being remotely controlled. Nothing in your access logs is going to leap out and say "hey, 123.123.123.123 is an office worker interested in this ink ad, and 123.123.123.124 is a competitor that wants to drive up the price of this ink ad".