- detect obvious bots (e.g. clients requesting form without loading CSS or JS or filling it in instantly), suspicious IPs (EC2, VPS hosting) and release smaller batch of seats to them (don't deny completely in case of false positive).
- create waiting list and give reservations randomly to people on the list (while the list can be spammed as well, humans would still have better chance than reserving between 4:00:00 and 4:00:01). Also bot authors would have to be creative to avoid creating easy to spot patterns of names/times in the list.
- detect obvious bots (e.g. clients requesting form without loading CSS or JS or filling it in instantly), suspicious IPs (EC2, VPS hosting) and release smaller batch of seats to them (don't deny completely in case of false positive).
- create waiting list and give reservations randomly to people on the list (while the list can be spammed as well, humans would still have better chance than reserving between 4:00:00 and 4:00:01). Also bot authors would have to be creative to avoid creating easy to spot patterns of names/times in the list.