Jump to content
  • Sign Up!

    Join our friendly community of music lovers and be part of the fun 😎

Ticket tips and Tricks for 2025 festival


Crazyfool01

Recommended Posts

15 hours ago, DeanoL said:

Theoretically it seems slightly worse for large groups. As previously if someone got in and got tickets for one group, they could try and get in again. That's not going to be possible now as they'll be at the back of the queue. 

 

But yeah, if people with bot farms were getting lots of tickets then that might be reduced (but it's always an arms battle with this sort of thing) which increases everyone elses chances.

Yes I guess, and that's certainly one way of looking at it. But lots of tickets were also taken out of rotation by people who were able to game that too, with the back button glitch, allowing people to buy there entire spreadsheet's groups in a couple of minutes...

Again, bad news if you were someone doing this / able to do this, good news for everybody else. 

 

15 hours ago, gsp8181 said:

Here's how it's working

 

You go onto glastonbury.seetickets.com. You'll hit an Akamai CDN which is protected with Akamai Bot Manager

 

It will calculate an initial score for you based on your hostname, IP address, useragent, ISP, and how many people are going through that IP. So if you're going through something dodgy like a cloud datacentre or a commercial VPN you'll be a lot higher. If you're going through a mobile network AND are a mobile phone you'll probably be given more leeway.

 

If your score is too high you'll be instantly blocked, if you're in the mid zone you'll be 'flagged', and if it's low you'll be let on instantly.

 

If you're in the midpoint you can usually tell because the first time you log into the website you'll see a short delay before you get on while it 'fingerprints' your browser. Whereby it uses Javascript to gather all the information it can and can identify you with surprising accuracy, from stuff like, do you have any custom fonts, what plugins do you have in your browser, to the weirder stuff like drawing animations and analysing them to see if your graphics card has any minute differences. So they can track you if you've got firefox and chrome on the same machine.

 

Akamai will then set a load of cookies to link you to a session.

 

They'll then continuously run the fingerprinting script to watch for changes. So if you transfer any queue cookies to another browser they'll figure it out pretty fast when suddenly that browser starts giving completely different information. It will also look at stuff like your mouse pattern and you tabbing in and out to build a behavioural pattern

 

They analyse it all serverside with machine learning to compare what you're doing, to that of a typical user and bot.

 

They can also link you to activity on previous Akamai sites to work out if you're bot like or not.

 

If it thinks you're a bot it will flag you for a ban which doesn't happen instantly but typically in a minute or two.

 

If you clear the cookie it will just refingerprint you and then ban you again.

 

Queue-It is integrated into the Akamai suite and uses Akamai session handling.

 

If you're on something that meets a typical shared IP pattern such as a CGNAT like using a phone on mobile data or on a work computer they will give you a lower score and more leeway basically. If you're logging on from those AWS instances you spun up you'll be given a high score. Plus like you might have different drivers, fonts, setups, running different mobile os versions, bought different device models, languages etc. If you're doing something it considers weird like running Linux, or keeping the tab in the background you'll be given a higher score.

 

My friends got a screen reader and triggered it trying to register so I guess they've got it on a pretty high setting. I emailed them to tell them

 

Also interesting is that the SeeTickets side after the CDN is not changed at all and still has the 'youre on a holding page, refresh in 20 seconds' active which I saw triggered the other day.

 

So i'm guessing the queueit will block access to the website until you're at the front of the queue and then give you a 10 minute token to access it normally

 

If they don't properly clear the queueit session then you will be able to buy as many tickets as you like in those 10 minutes

 

A lot of it is similar to how those click here if you're a human boxes work, sometimes they let you straight on because you look like a typical user from a typical network and haven't done anything funny, sometimes they might ask you to solve a picture puzzle if you're on a shared network, and if you're on a VPN it will blast you with tons of pictures that it intentionally makes very grainy to try and trip you up

 

I do DevOps work and have seen some presentations from their competitor so figured out how this ones working

Is that competitor Cloudflare?  

This is pretty much what I was trying to describe, though in much much more detail. If you're detected as using a bot, you're probably not getting anywhere near a queue-it page, never mind the front of the queue, because bot detection and human verification for Akamai is done on the edge.

I use a very simple tunnel system from Cloudflare called Zero Trust to protect my servers. When the URLs to my servers are entered, you get nowhere near my physical hardware until you've cleared Cloudflare's security (as it's only me that needs to access them, that is an MFA approach of an emailed code first, with only my address whitelisted, so any other entered will not get a code at all, then once that's cleared, a password and HW key.) I could also enable Cloudflare's bot protection amongst many other things, but I don't feel I need it for my use case, so I only use Zero Trust access control. 

Everything I've read about Akamai on their site is suggesting to me that it's a very similar system.

Link to comment
Share on other sites

I don't want to go to Glastonbury with people who use tunnel servers, vpn re-routing systems or pay £900 for slots in the tickets queue or stop in a kubutz 2 miles away.

 

I want the hippies at Strummerville, the great unwashed, the ones who will go to the JP Tent at 11.30am as they half heard a song on 6 a year ago, the one getting a swedish massage and not just for instragram but, because there back hurts lugging the thatchers up the hill.

 

Amen 

  • Upvote 3
Link to comment
Share on other sites

4 minutes ago, Fake Encore said:

I don't want to go to Glastonbury with people who use tunnel servers, vpn re-routing systems or pay £900 for slots in the tickets queue or stop in a kubutz 2 miles away.

 

I want the hippies at Strummerville, the great unwashed, the ones who will go to the JP Tent at 11.30am as they half heard a song on 6 a year ago, the one getting a swedish massage and not just for instragram but, because there back hurts lugging the thatchers up the hill.

 

Amen 

 

Beautiful. Even better if you read it aloud whilst playing "Jerusalem" in the background

Link to comment
Share on other sites

Naïve tech question: we have a router with a guest network - if one device is connected to the "regular" WiFi and another connected to the guest WiFi, will this have separate public IP addresses or would it still present to an external server as the same public IP? 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...