[novaleaf]

I feel his pain.

I run a SaaS with what I think is a pretty generous free tier (PhantomJsCloud dot com), and yeah, I have numerous people from all over the world doing their best to shit all over it:

- switching IP addresses every request to circumvent "demo user" rate limiting

- creating upwards of 100 fake accounts to get free credits ($0.05/day each account)

- embedding api calls into their webpages so their users ip address is used for "demo user" credits

- API driven credit cards and hijinks around that.

- using url shorteners to circumvent blacklisted domains

I'm not sure if it's a case of people being incapable of paying credit cards, or just their ethics allow stealing anything that's not bolted down?

I don't mind people signing up with a burner email address, but unfortunately most these abusers are too. I am going to be banning all throw away email accounts soon. And if that doesn't work (which it probably wont) I'm going to have to kill my free tier.

[peterwwillis]

Can you do what the big cloud providers do, and demand a "real" phone number be verified for sign-up? Not impossible to beat, but more costly. Or maybe there's a market for paying customers somewhere between your free and paid tiers?

[novaleaf]

My lowest paid tier is USD$10/mth. As my target audience are developers, I think it's hard to believe that any of them would really be unable to pay that, yet still gain value from my service.

Maybe I'm just a peace loving hippy but I'm rather shocked at the levels of abuse I see. I do want to enable paypal, just in case it's a lack-of-credit/debit card issue.