Unlimited tries for phone numbers on sign up
There is absolutely no legitimate reason a user needs to try more than one or two numbers "already linked to an existing account or under review". The presence of limitless tries allows scammers the option to cycle through myriad SMS numbers in order to find an unused one. We tried 20 different numbers from different countries that were already in use.
Reasoning: User may need to try multiple numbers until one on a supporting carrier is found. Users whose carrier doesn't support the function would typically borrow a friend's or family member's phone to complete the registration. They would need to change the number on signup for that.
Proposed Solution:
- Limit the "already linked to an existing account or under review" to 2 tries before lockout.
- Limit the Edit function to 5 tries before lockout.
RELATED ISSUE: Ability to swap between countries/regions. The initial area code suggestion defaults to the registrant's geographic location. Unsuccessful attempts and edit-prompted attempts both allow the registrant to swap their area code. We have successfully swapped our code to Russia, Ukraine, South Africa, Great Britain and so forth while cycling through our list of free SMS numbers.
Reasoning: Text reception may be restricted in a user's geographical location.
Proposed Solution: Limit the area code selection function to the 5 proposed Edit tries before lockout.
Post with graphics can be found here https://steemit.com/steem/@guiltyparties/account-creation-issues-solutions
Attempts are not unlimited.
https://github.com/steemit/faucet/blob/b0495a5734254925bf20c52b4f13dd36374666dd/routes/api.js#L54-L67
That's a limit within a period of time but not an overall limit, which is what @gryter is suggesting we add.
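The difference between a windowed limit and an overall limit, as an added sketch that is not code from steemit/faucet: the caps of 2 and 5 come from the issue's proposal, while `createLimiter`, `countLookups`, the window values and the `signupId` key are hypothetical. It assumes `signupId` identifies one signup record that the registrant cannot cheaply recreate.

```javascript
// Added example: hypothetical limiter, not code from steemit/faucet.
const PROPOSED = {
  linkedRejections: 2,        // from the issue: "already linked" tries before lockout
  edits: 5,                   // from the issue: number/country edits before lockout
  windowMs: 60 * 60 * 1000,   // assumed window length
  perWindow: 3,               // assumed attempts per window
};

function createLimiter(isLinked, limits = PROPOSED) {
  const sessions = new Map(); // signupId -> per-signup counters
  return function tryNumber(signupId, phone, now = Date.now()) {
    let s = sessions.get(signupId);
    if (!s) {
      s = { rejections: 0, edits: 0, last: null, recent: [], locked: false };
      sessions.set(signupId, s);
    }
    if (s.locked) return { ok: false, reason: 'locked' };

    // Windowed limit: old attempts age out, so waiting restores the budget.
    s.recent = s.recent.filter((t) => now - t < limits.windowMs);
    if (s.recent.length >= limits.perWindow) return { ok: false, reason: 'window' };
    s.recent.push(now);

    // Overall limits: these counters never reset for the signup.
    // Numbers are E.164 strings, so a country swap counts as an edit.
    if (s.last !== null && phone !== s.last) s.edits += 1;
    s.last = phone;
    if (s.edits > limits.edits) {
      s.locked = true;
      return { ok: false, reason: 'locked' };
    }
    if (isLinked(phone)) {
      s.rejections += 1;
      if (s.rejections >= limits.linkedRejections) s.locked = true;
      return { ok: false, reason: 'already_linked' };
    }
    return { ok: true, reason: 'sms_sent' };
  };
}

// Constructed scenario: one signup tries `count` in-use numbers, one per window.
function countLookups(limits, count = 20) {
  let lookups = 0;
  const tryNumber = createLimiter(() => { lookups += 1; return true; }, limits);
  for (let i = 0; i < count; i += 1) {
    tryNumber('signup-1', `+1555000${1000 + i}`, i * limits.windowMs);
  }
  return lookups;
}
```

With only the windowed limit, pacing the attempts lets all 20 numbers be checked against existing accounts; with the overall caps the signup locks after the second rejection.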
add additional action logging & limiting to the phone verification endpoint
Hello guys, I am getting this error "error_api_actionlimit" trying to verify my cell number. How much time do I have to wait to verify my cell number? Or do I have to create another account? D: @bnchdrff