As long as the amount is larger than the ZIP-317 per-input fee (0.00005), transactions can be built from faucet outputs with enough fees to not be considered spam, so you’re good.
I think the faucet is very useful! I would love if it supported testnet too.
Do you have a per-IP limit on claims? That might also help against people farming it.
6 Likes
Yes, actually ZecFaucet has various security mechanisms, to avoid this issue:
- IP address
- Browser fingerprint
- Proxy / VPN detection
Claims are added to a wait list, any new claim with the same IP address, browser fingerprint or Unified address made in less than 120 minutes is rejected.
If a vpn is detected, the claim is rejected right away, using this free service to detect proxy/vpn: getipintel.net/
IP addresses protection can be bypassed with VPN, I believe browser fingerprint changes when opening a ingonito window, and VPN check isn’t perfect.
Requiring user registration can mitigate this problem, but I really don’t want to do this.
The faucet idea is to capture the old days of BTC faucets, direct transfers, no registration.
What really baffles me is the huge amount (using vpn, opening new browser windows, generating new UA for each claim*) of work this person is doing to collect few cents
* Just had an idea, maybe I’ll restrict addresses for a total of 10 claims (for example), that would force the attacker to generate and use large amounts of addresses, maybe this will make then give up.
6 Likes