Ticket scalping

The ticketing industry and e-commerce sites that offer scarce goods are constantly threatened by bots, which attack their platforms looking to buy up inventory to resell for profit.

When the website of a cultural monument complex experienced successive episodes of tickets being acquired by bots for the resale market and its website crashing repeatedly, they turned to Transparent Edge to regain control of their operations and prevent financial and reputational losses.

Read the full story

Use case

The vulnerability:

Automated bots were purchasing tickets, generating excessive traffic and disrupting website availability, harming genuine users and the business.

The impact was significant:

Legitimate users were unable to purchase tickets.
The ticketing system suffered intermittent slowdowns while bots managed to obtain tickets.
Their website frequently crashed, and the technical team had to work after hours continuously.

How the attack was detected:

The monument complex knew something was wrong when they noticed that their peak ticket sales and website downtime were between 11:00 PM and 2:00 AM.

After further investigation, they identified several regions and IP addresses repeatedly attempting to purchase large quantities of tickets. This wasn’t a brute-force attack, but rather systematic and discreet attempts to exploit their system to gain an advantage.

Transparent Edge’s response:

When Transparent Edge was called into action, it quickly developed a layered defense strategy that mitigated the problem and prevented future incidents.

Immediate actions

Origin restriction: we placed the CDN in front of the origin. This way, users connect to the platform and not directly to the website. From that point on, only requests from the nodes accessed the server.
DDoS Protection: we enabled Anti-DDoS for layers 3, 4, and 7 and set a rate limit with a threshold of maximum requests beyond which traffic is blocked.
Differentiate human from automated traffic: we activate WAF and JS challenges, so that automated traffic is not able to access the website, effectively restricting ticket sales to human users only.

Deployment of protection strategy

IP Scoring: we set a threshold to block low-reputation IPs or those originating from a high-scoring ASN.
Anomaly Detection: we implement tools to monitor behavioral patterns and track potential bot scalping attempts.
Fine granularity: once the basic observability and defense controls model was established, the team moved to fine-grained, granular tuning with custom parameterized rules and customized exceptions and thresholds.

Our actions bring results

Non-human traffic decreased by 60%. The website is fully operational at all times, with zero downtime. Costs have decreased. And, crucially, legitimate customers can purchase their tickets without any issues.

What to consider on ticket sales websites

Unusual traffic patterns due to time, volume, or origin.
Recurring traffic from the same IP addresses or from repeated residential proxy IP addresses.
HTTP 408 server timeout responses that can be attributed to excessive traffic.

What can Transparent Edge do?

We support you with our team’s experience by implementing restrictions and optimizations tailored to your business needs.

With cross-layers of security, detection, and mitigation.

See how you can control your environment and safeguard your digital sales channel.

Talk to an expert