Jump to content

  • Sign Up!

    Join our friendly community of music lovers and be part of the fun 😎

Ticket tips and Tricks for 2025 festival

Crazyfool01

By Crazyfool01
in Chat

 Share

Recommended Posts

Alvoram Veteran

Alvoram

Posted
Posted
15 hours ago, DeanoL said:

Theoretically it seems slightly worse for large groups. As previously if someone got in and got tickets for one group, they could try and get in again. That's not going to be possible now as they'll be at the back of the queue. 

 

But yeah, if people with bot farms were getting lots of tickets then that might be reduced (but it's always an arms battle with this sort of thing) which increases everyone elses chances.

Yes I guess, and that's certainly one way of looking at it. But lots of tickets were also taken out of rotation by people who were able to game that too, with the back button glitch, allowing people to buy there entire spreadsheet's groups in a couple of minutes...

Again, bad news if you were someone doing this / able to do this, good news for everybody else. 

 

15 hours ago, gsp8181 said:

Here's how it's working

 

You go onto glastonbury.seetickets.com. You'll hit an Akamai CDN which is protected with Akamai Bot Manager

 

It will calculate an initial score for you based on your hostname, IP address, useragent, ISP, and how many people are going through that IP. So if you're going through something dodgy like a cloud datacentre or a commercial VPN you'll be a lot higher. If you're going through a mobile network AND are a mobile phone you'll probably be given more leeway.

 

If your score is too high you'll be instantly blocked, if you're in the mid zone you'll be 'flagged', and if it's low you'll be let on instantly.

 

If you're in the midpoint you can usually tell because the first time you log into the website you'll see a short delay before you get on while it 'fingerprints' your browser. Whereby it uses Javascript to gather all the information it can and can identify you with surprising accuracy, from stuff like, do you have any custom fonts, what plugins do you have in your browser, to the weirder stuff like drawing animations and analysing them to see if your graphics card has any minute differences. So they can track you if you've got firefox and chrome on the same machine.

 

Akamai will then set a load of cookies to link you to a session.

 

They'll then continuously run the fingerprinting script to watch for changes. So if you transfer any queue cookies to another browser they'll figure it out pretty fast when suddenly that browser starts giving completely different information. It will also look at stuff like your mouse pattern and you tabbing in and out to build a behavioural pattern

 

They analyse it all serverside with machine learning to compare what you're doing, to that of a typical user and bot.

 

They can also link you to activity on previous Akamai sites to work out if you're bot like or not.

 

If it thinks you're a bot it will flag you for a ban which doesn't happen instantly but typically in a minute or two.

 

If you clear the cookie it will just refingerprint you and then ban you again.

 

Queue-It is integrated into the Akamai suite and uses Akamai session handling.

 

If you're on something that meets a typical shared IP pattern such as a CGNAT like using a phone on mobile data or on a work computer they will give you a lower score and more leeway basically. If you're logging on from those AWS instances you spun up you'll be given a high score. Plus like you might have different drivers, fonts, setups, running different mobile os versions, bought different device models, languages etc. If you're doing something it considers weird like running Linux, or keeping the tab in the background you'll be given a higher score.

 

My friends got a screen reader and triggered it trying to register so I guess they've got it on a pretty high setting. I emailed them to tell them

 

Also interesting is that the SeeTickets side after the CDN is not changed at all and still has the 'youre on a holding page, refresh in 20 seconds' active which I saw triggered the other day.

 

So i'm guessing the queueit will block access to the website until you're at the front of the queue and then give you a 10 minute token to access it normally

 

If they don't properly clear the queueit session then you will be able to buy as many tickets as you like in those 10 minutes

 

A lot of it is similar to how those click here if you're a human boxes work, sometimes they let you straight on because you look like a typical user from a typical network and haven't done anything funny, sometimes they might ask you to solve a picture puzzle if you're on a shared network, and if you're on a VPN it will blast you with tons of pictures that it intentionally makes very grainy to try and trip you up

 

I do DevOps work and have seen some presentations from their competitor so figured out how this ones working

Is that competitor Cloudflare?  

This is pretty much what I was trying to describe, though in much much more detail. If you're detected as using a bot, you're probably not getting anywhere near a queue-it page, never mind the front of the queue, because bot detection and human verification for Akamai is done on the edge.

I use a very simple tunnel system from Cloudflare called Zero Trust to protect my servers. When the URLs to my servers are entered, you get nowhere near my physical hardware until you've cleared Cloudflare's security (as it's only me that needs to access them, that is an MFA approach of an emailed code first, with only my address whitelisted, so any other entered will not get a code at all, then once that's cleared, a password and HW key.) I could also enable Cloudflare's bot protection amongst many other things, but I don't feel I need it for my use case, so I only use Zero Trust access control. 

Everything I've read about Akamai on their site is suggesting to me that it's a very similar system.

Link to comment
Share on other sites
  • Replies 1k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

gsp8181
gsp8181

Here's how it's working   You go onto glastonbury.seetickets.com. You'll hit an Akamai CDN which is protected with Akamai Bot Manager   It will calculate an initial score for you b

Fake Encore
Fake Encore

I don't want to go to Glastonbury with people who use tunnel servers, vpn re-routing systems or pay £900 for slots in the tickets queue or stop in a kubutz 2 miles away.   I want the hippies

LOWERCASE GUY
LOWERCASE GUY

I've been lurking here for a while now, but have noticed something that I don’t think has been mentioned in this thread yet which may suggest a queue is likely to be used this year.   www.se

Posted Images

Fake Encore Contributor

Fake Encore

Posted
Posted

I don't want to go to Glastonbury with people who use tunnel servers, vpn re-routing systems or pay £900 for slots in the tickets queue or stop in a kubutz 2 miles away.

 

I want the hippies at Strummerville, the great unwashed, the ones who will go to the JP Tent at 11.30am as they half heard a song on 6 a year ago, the one getting a swedish massage and not just for instragram but, because there back hurts lugging the thatchers up the hill.

 

Amen 

  • Like 2
  • Upvote 12
Link to comment
Share on other sites
Supernintendo Chalmers Grand Master

Supernintendo Chalmers

Posted
Posted
4 minutes ago, Fake Encore said:

I don't want to go to Glastonbury with people who use tunnel servers, vpn re-routing systems or pay £900 for slots in the tickets queue or stop in a kubutz 2 miles away.

 

I want the hippies at Strummerville, the great unwashed, the ones who will go to the JP Tent at 11.30am as they half heard a song on 6 a year ago, the one getting a swedish massage and not just for instragram but, because there back hurts lugging the thatchers up the hill.

 

Amen 

 

Beautiful. Even better if you read it aloud whilst playing "Jerusalem" in the background

  • Like 2
Link to comment
Share on other sites
dg.bandol Apprentice

dg.bandol

Posted
Posted

Naïve tech question: we have a router with a guest network - if one device is connected to the "regular" WiFi and another connected to the guest WiFi, will this have separate public IP addresses or would it still present to an external server as the same public IP? 

Link to comment
Share on other sites
Slimeyc Contributor

Slimeyc

Posted
Posted
8 minutes ago, dg.bandol said:

Naïve tech question: we have a router with a guest network - if one device is connected to the "regular" WiFi and another connected to the guest WiFi, will this have separate public IP addresses or would it still present to an external server as the same public IP? 

 

Most likely same IP 

  • Upvote 1
Link to comment
Share on other sites
Ayrshire Chris Grand Master

Ayrshire Chris

Posted
Posted
11 minutes ago, Fake Encore said:

I don't want to go to Glastonbury with people who use tunnel servers, vpn re-routing systems or pay £900 for slots in the tickets queue or stop in a kubutz 2 miles away.

 

I want the hippies at Strummerville, the great unwashed, the ones who will go to the JP Tent at 11.30am as they half heard a song on 6 a year ago, the one getting a swedish massage and not just for instragram but, because there back hurts lugging the thatchers up the hill.

 

Amen 

Wonderful sentiments, and sadly, unfortunately that ship sailed a long time ago. Just like I’d love to go to gigs where when I stand up and get into the music the person behind doesn’t tut tut. 

Link to comment
Share on other sites
t0paz Proficient

t0paz

Posted
Posted
16 minutes ago, dg.bandol said:

Naïve tech question: we have a router with a guest network - if one device is connected to the "regular" WiFi and another connected to the guest WiFi, will this have separate public IP addresses or would it still present to an external server as the same public IP? 

It’ll almost certainly be the same but you can confirm it by going to whatismyip.com on both devices and seeing what they are.

  • Upvote 1
Link to comment
Share on other sites
stuie Grand Master

stuie

Posted
Posted
33 minutes ago, Fake Encore said:

I don't want to go to Glastonbury with people who use tunnel servers, vpn re-routing systems or pay £900 for slots in the tickets queue or stop in a kubutz 2 miles away.

 

I want the hippies at Strummerville, the great unwashed, the ones who will go to the JP Tent at 11.30am as they half heard a song on 6 a year ago, the one getting a swedish massage and not just for instragram but, because there back hurts lugging the thatchers up the hill.

 

Amen 

 

Can someone put this through the Morgan Freeman voice generator please? 🙂 

Link to comment
Share on other sites
gsp8181 Apprentice

gsp8181

Posted
Posted
7 hours ago, Mike A said:

 

Is there a way to tell if your browser is being scanned?

If so, would you expect the scan frequency to correlate with your score to some degree?

 

I'd like be able to get a sense if I'm clean (i.e low threshold) or not.

 

It is being scanned in the background anyway. However i've noticed on some of my machines it will show a white page when you first go onto the website (i.e. incognito) and will direct you a second or two later to the Glastonbury holding page. All it's doing it scanning your browser and I suspect you're over the low threshold. My phone (on 4g) lets me on instantly in incognito.

  • Upvote 1
Link to comment
Share on other sites
Scrump Rising Star

Scrump

Posted
Posted
1 hour ago, Fake Encore said:

I don't want to go to Glastonbury with people who use tunnel servers, vpn re-routing systems or pay £900 for slots in the tickets queue or stop in a kubutz 2 miles away.

 

I want the hippies at Strummerville, the great unwashed, the ones who will go to the JP Tent at 11.30am as they half heard a song on 6 a year ago, the one getting a swedish massage and not just for instragram but, because there back hurts lugging the thatchers up the hill.

 

Amen 

Totally agree, but I would add it's possible to be into all this techy stuff as well as being an unwashed hippy who loves music and cider.  In the same way there are self proclaimed hippies who don't live by it's ethos. 

 

People paying £900 for a spot in the queue can get in the bin.

Link to comment
Share on other sites
bob323 Collaborator

bob323

Posted
Posted (edited)
52 minutes ago, gsp8181 said:

 

It is being scanned in the background anyway. However i've noticed on some of my machines it will show a white page when you first go onto the website (i.e. incognito) and will direct you a second or two later to the Glastonbury holding page. All it's doing it scanning your browser and I suspect you're over the low threshold. My phone (on 4g) lets me on instantly in incognito.

it would be interesting to learn how they do the fingerprinting using javascript - i suspect if you could be bothered it could be manipulated. but you'd still have the same IP address which I suspect would play a big part in their scoring algorithm

Edited by bob323
Link to comment
Share on other sites
gsp8181 Apprentice

gsp8181

Posted
Posted
6 minutes ago, Scrump said:

Totally agree, but I would add it's possible to be into all this techy stuff as well as being an unwashed hippy who loves music and cider.  In the same way there are self proclaimed hippies who don't live by it's ethos. 

 

People paying £900 for a spot in the queue can get in the bin.

 

To be fair two lads in our campsite had paid something similar from some scouse lad who had a load of EPO bands, apparently Glastonbury had introduced a new system with an EPO scanner to stop people abusing them and somehow these lads had hold of one of the scanners within the hour.

 

5 hours ago, Alvoram said:

Yes I guess, and that's certainly one way of looking at it. But lots of tickets were also taken out of rotation by people who were able to game that too, with the back button glitch, allowing people to buy there entire spreadsheet's groups in a couple of minutes...

Again, bad news if you were someone doing this / able to do this, good news for everybody else. 

 

Is that competitor Cloudflare?  

This is pretty much what I was trying to describe, though in much much more detail. If you're detected as using a bot, you're probably not getting anywhere near a queue-it page, never mind the front of the queue, because bot detection and human verification for Akamai is done on the edge.

I use a very simple tunnel system from Cloudflare called Zero Trust to protect my servers. When the URLs to my servers are entered, you get nowhere near my physical hardware until you've cleared Cloudflare's security (as it's only me that needs to access them, that is an MFA approach of an emailed code first, with only my address whitelisted, so any other entered will not get a code at all, then once that's cleared, a password and HW key.) I could also enable Cloudflare's bot protection amongst many other things, but I don't feel I need it for my use case, so I only use Zero Trust access control. 

Everything I've read about Akamai on their site is suggesting to me that it's a very similar system.

 

Yeah i'd say Akamai is the big brother competitor to Cloudflare, they both offer identical products but Cloudflare throws more money at devs so they will talk it up around the office and be more familiar to it. Same deal, they offer enterprise bot management with the exact same detection methods and they have their own queuing system.

 

But the end result is the same, if you think you're going to do something cleaver with modifying the source in web inspector or pass around queue ids or cookies, it will know and block you. Even pressing 'view source' counts as a very heavy strike against you, or rapidly cycling around browsers/ip addresses/clearing cookies.

Link to comment
Share on other sites
gsp8181 Apprentice

gsp8181

Posted
Posted
16 minutes ago, bob323 said:

it would be interesting to learn how they do the fingerprinting using javascript - i suspect if you could be bothered it could be manipulated. but you'd still have the same IP address which I suspect would play a part in their scoring algorithm

https://www.amiunique.org/

https://coveryourtracks.eff.org

 

if you're interested in the web fingerprinting methods, it will show you the same ways they're using.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...