
Ticket tips and Tricks for 2025 festival


Crazyfool01

Just now, Crazyfool01 said:

So I'm presuming if they have 3 servers in operation and a 4th that is a standby, then as soon as that server is being asked to process 1/4 or more of the sales the advantage is gone? Would that server be able to potentially handle things at a quicker rate, or not be limited in numbers that it was able to process like the others that seem to handle at a set speed? Are there other ways that people might be attempting to get round this? Just as soon as a hack is discovered they might be attempting to find the next one.

 

They had 5 servers in operation serving Glastonbury traffic. There were 3 servers not serving Glastonbury traffic that could have been exploited in this way (though from what I saw the "instructions" circulated only focussed on one of them).

 

But trying to work out a percentage from that is pointless as it doesn't tell the story.

 

Firstly, the "legitimate" 5 servers were behind a load balancer, and so each server never actually saw the real volume of traffic and so didn't get affected by it. Secondly, I don't believe that the 3 "other" servers are capable of handling the same volume as the 5 main ones, so they'll fall over with a much lower volume of traffic hitting them.

 

The fix See have put in place, essentially, makes it so that any connection that hasn't gone via the load balancer now automatically gets rejected, meaning that something using this technique can't happen again (unless See were to deliberately set up a server without that protection, which surely even they wouldn't do).

  • Thanks 1
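
The fix described in the post above, rejecting any connection that did not arrive via the load balancer, can be sketched as an origin-side check. This is an added example, not part of the thread and not See's code; the load balancer address ranges, function names and sample requests are constructed assumptions.

```python
import ipaddress

# Assumed load balancer source ranges (constructed, documentation address space).
TRUSTED_LB_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "2001:db8:10::/64")]


def _normalise(addr):
    """Parse a peer address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def via_load_balancer(peer_addr):
    """True only if the TCP peer is one of the load balancer addresses."""
    try:
        ip = _normalise(peer_addr)
    except ValueError:
        return False  # unparseable peer: fail closed
    return any(ip.version == net.version and ip in net for net in TRUSTED_LB_NETS)


def handle(peer_addr, headers):
    """Return (status, client_ip) for a request reaching an origin server."""
    if not via_load_balancer(peer_addr):
        # Direct-to-origin connection: reject, and ignore any X-Forwarded-For
        # it carries, since a direct client can set that header to anything.
        return 403, None
    # Only a trusted peer's X-Forwarded-For is believed; the right-most entry
    # is assumed to be the one the load balancer itself appended.
    xff = headers.get("X-Forwarded-For", "")
    client = xff.split(",")[-1].strip() or None
    return 200, client


# Constructed sample requests: (TCP peer, headers)
SAMPLES = [
    ("192.0.2.5", {"X-Forwarded-For": "203.0.113.9"}),         # via LB
    ("::ffff:192.0.2.5", {"X-Forwarded-For": "203.0.113.9"}),  # via LB, dual-stack socket
    ("198.51.100.77", {"X-Forwarded-For": "192.0.2.5"}),       # direct, spoofed header
    ("not-an-ip", {}),                                         # malformed peer
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, handle(peer, hdrs))
```

The decision is made on the TCP peer address, never on a header, which is why the third sample is rejected even though its header names a load balancer address.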

16 hours ago, incident said:

The fix See have put in place, essentially, makes it so that any connection that hasn't gone via the load balancer now automatically gets rejected, meaning that something using this technique can't happen again (unless See were to deliberately set up a server without that protection, which surely even they wouldn't do).


It’s easy for me to believe they have intentional holes for personal use. People are saying this exploit was around for years. There was a similar one found I think in 2011. So I won’t be surprised to find out there is a new one. But how many will know about it? 


So something I noticed during the Oasis sale has led me to believe that my ISP was behaving strangely, and this has been followed up by being blocked by Twickets on my ISP. If I switch to another service provider (we have 2 internet connections in the house) or to mobile it works fine, but when I switch back I get a 403 error from the server.

I suspect the way that carrier-grade NAT has been set up means the pool of IP addresses it uses is small or it's misconfigured. I've just bought myself a dedicated IP address for the sale.


On 9/3/2024 at 10:30 AM, incident said:

 

I'm not doubting that it could be shared.

 

But if it did become widely used, then very quickly the servers involved would become overloaded just as much (potentially more) than the main site given they're the backup ones not configured to deal with heavy load.

 

The servers did get overloaded. I know of someone who routed out to the 'quieter' / non-Glastonbury servers and had been told it would be instant or take a couple of minutes; it took over 20 mins before they got to the registration / postcode page. I'd say you're well into 5 figures, not just a few thousand.

 

 

Edited by Peter_Quaife
