I run a website (https://freephonenum.com/send-text) that allows people to send FREE SMS worldwide. I started this service a little over 1 year ago to allow our remote dev team to test sending and receiving SMS to and from US number.

After a few months, I realized that a lot of people needed that service; I started getting organic traffic to my site.

But recently I've been seeing few people who are trying to abuse the system. They are sending 1000s of text using my website that costs me a lot of money. I still want to keep the service because it is useful for so many people, I don't want to shut down the service because of just a few evil people.

Here are a few things I tried that didn't work: 1. Google captcha 2. Restricted number of text that can be sent from one IP every day. 3. Don't allow people to send the same text more than 3 times a day. 4. Disabled error message on the site so the abuser would not know if the texts are actually going out or not (Always gives success message).

Things I know abuser is doing: 1. Changes IP address for each request.

2. Manually solves Captcha

3. Adds a random string at the start and end of the message (So that it's not treated as a duplicate message by my system)

4. Somehow the abuser is able to send a 1.5K text every hour (I'm not sure how). I know it's manual because there is like 15 seconds lag.

5. sample texts:

"KREDIT VSEM, LYuBIE SUMMI. Rabotaem s dolzhnikami! t. 89879141731 k1FpLt"

"KREDIT VSEM, LYuBIE SUMMI. Rabotaem s dolzhnikami! t. 89879141731 op0vF0"