NEW DELHI: Reservations of train tickets, in particular in the Tatkal or Tatkal premium category, may not be possible if users try to book online through a Virtual Private Server (VPS).
Following ongoing monitoring undertaken to detect the use of illegal software to purchase tickets online, the ministry found that the majority of touts use VPS to mask their Internet Protocol (IP) addresses when booking train tickets, which makes it difficult to track their original locations. Therefore, the Ministry of Railways suggested that the Indian Railway Catering and Tourism Corporation (IRCTC), the ministry-owned train ticket reservation website, and the Center for Railway Information Systems (CRIS) block the traffic going through VPS, especially from a particular web service, which pins Mumbai as the default IP address location, to prevent soliciting activity.
CRIS designs, develops, implements and maintains most of the major information systems of Indian railways.
Besides blocking foreign IP addresses, the recommendations for upgrading the portal, sent earlier this week, include implementing better algorithms to apply Captchas (a response test used to determine whether the user is human or not), disabling the copy and paste option on the IRCTC web page to stop one-time password (OTP) autofill, and restricting the window of time to fill in passenger details.
The suggestion note sent to the two agencies further stated that answers to security questions should not be predictable or handled by automation tools.
“Regular passengers / agents do not use VPS for booking. Therefore, blocking traffic from VPSs can restrict the most boastful activities … Even developers try to integrate captcha solvers into automation software. Therefore, it is demanded to implement better algorithms to apply captchas for efficient work,” reads the note.
The Railways Computerization & Information System (C&IS) division also received these suggestions.
Ticket reservations by illegal agents or touts have long been a major problem and the ministry continues to take measures to prevent such activities, which also result in financial losses. It had also deployed several controls to limit them. The Railroad Protection Force (RFP) regularly campaigns to examine the matter, an official said.
“The developers of illegal Tatkal software have found ways to automatically populate these OTPs by developing OTP reader applications that will read OTP in mobile communications with software and extensions installed on computers, allowing OTPs to be submitted quickly. Therefore, it is requested to restrict the copy and paste option in IRCTC website and Android applications… by doing so, all automation activities on NGeT (New Generation E-Ticketing) websites can effectively be stopped,” indicates the document.