6 months ago I created a web app that pays users for the traffic they bring to the web app via a URL. Things have been running smooth and profitable. I had an attorney write up a solid ToS but I'm concerned that some users may find a way to fake their traffic. I have a basic visit_log that shows me HTTP logs with IP and time_spent on page. I know easy it is to send fake bot traffic. My biggest fear is waking up and seeing I have to pay a user 6 digits for fake traffic.