Tech1k/duinofaucet

DuinoFaucet

The faucet for Duino-Coin (DUCO) with support for Magi (XMG). Users can claim a small amount of coins once every 12 hours, gated by a Cloudflare Turnstile captcha and per-username / per-IP rate limiting.

Official deployment: the official, project-endorsed instance runs at faucet.duinocoin.com. This source is published so the community can audit and self-host it - forks and self-hosted instances are not affiliated with or endorsed by the Duino-Coin project (see Trademark).

Features

  • DUCO and XMG faucets with a shared transaction history and 30-day stats charts
  • Cloudflare Turnstile (invisible captcha) with fail-closed server-side verification
  • Rate limiting per wallet username and per (hashed) IP, every 12 hours
  • SQLite storage - no database server required
  • Sends payouts via the official Duino-Coin / Magi transaction API

Requirements

  • PHP 7.x or newer with the sqlite3 and curl extensions
  • A web server (Apache with .htaccess support, or nginx with equivalent rewrites)
  • A Cloudflare Turnstile site key + secret key
  • Funded faucet wallet(s) for DUCO and/or XMG

Setup

  1. Clone and configure

    git clone https://github.com/Tech1k/duinofaucet.git
    cd duinofaucet
    cp config.example.php config.php

    Edit config.php and set the wallet credentials, payout amounts, and your Turnstile keys ($turnstile_sitekey and $turnstile_secret). config.php is git-ignored and must never be committed.

  2. Create the database with the helper script (run from the web root):

    python3 db/create_db.py

    It creates everything the app needs:

    • duco_payouts, magi_payouts - raw payout rows (id, payout_amount, payout_address, transaction_id, ip_address, timestamp) + indexes
    • counters - cumulative per-coin totals (the homepage/stat boxes read these)
    • daily_stats - per-day rollup that powers the 30-day chart
    • pf_ban_list - optional IP ban list

    The pages require counters and daily_stats to exist, so run this before first load. On a fresh install they start empty and fill as claims happen.

  3. Serve it behind your web server. If you front it with Cloudflare, firewall the origin to Cloudflare's IP ranges - otherwise the CF-Connecting-IP header used for rate limiting can be spoofed by hitting the origin directly.

  4. (Optional) Data retention - to purge old rows on a schedule, add a cron for db/purge.php (CLI only). See the comments at the top of that file.
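
Firewalling the origin as described in step 3 is the primary control. As an added example (not DuinoFaucet's own code), the PHP below shows a defence-in-depth check that honours CF-Connecting-IP only when the connecting peer is inside a trusted proxy range. The function names and the placeholder CIDR ranges are assumptions; substitute Cloudflare's published ranges.

```php
<?php
// Added example, not DuinoFaucet's own code. The ranges are constructed
// placeholders (documentation networks); load the real list from Cloudflare.
const TRUSTED_PROXY_CIDRS = ['192.0.2.0/24', '2001:db8:cf::/48'];

// True if $ip lies inside $cidr. Handles IPv4 and IPv6 via packed bytes.
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1])) {
        return false;
    }
    $addr = @inet_pton($ip);
    $net  = @inet_pton($parts[0]);
    $bits = (int) $parts[1];
    if ($addr === false || $net === false
        || strlen($addr) !== strlen($net) || $bits > strlen($net) * 8) {
        return false; // malformed input or mixed address families
    }
    $bytes = intdiv($bits, 8);
    if (substr($addr, 0, $bytes) !== substr($net, 0, $bytes)) {
        return false; // whole-byte part of the prefix differs
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // remaining high bits of next byte
    return (ord($addr[$bytes]) & $mask) === (ord($net[$bytes]) & $mask);
}

// Address to rate-limit on. The header is used only when the TCP peer is a
// trusted proxy and the header holds a valid IP; otherwise the peer is used.
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $hdr  = $server['HTTP_CF_CONNECTING_IP'] ?? '';
    foreach (TRUSTED_PROXY_CIDRS as $cidr) {
        if (ip_in_cidr($peer, $cidr)) {
            return filter_var($hdr, FILTER_VALIDATE_IP) !== false ? $hdr : $peer;
        }
    }
    return $peer;
}

// Constructed requests: one via a trusted proxy, one straight to the origin.
$viaProxy = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_CF_CONNECTING_IP' => '203.0.113.7'];
$direct   = ['REMOTE_ADDR' => '198.51.100.23', 'HTTP_CF_CONNECTING_IP' => '203.0.113.7'];
echo client_ip($viaProxy), "\n"; // header honoured
echo client_ip($direct), "\n";   // header ignored, peer address used
```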

Security

This software moves real funds. Please read SECURITY.md before deploying, and report vulnerabilities privately. Never commit config.php or the contents of db/ - the database stores user wallet usernames and IP hashes.

License

Licensed under the GNU Affero General Public License v3.0 - see LICENSE.

The AGPL is deliberate: if you run a modified version of this faucet as a network service, you must make your modified source available to its users.

Trademark

The DuinoFaucet and Duino-Coin names and logos are not licensed for use by forks or self-hosted instances. The AGPL covers the code, not the branding - if you deploy your own instance, you must rename it and remove the official branding to avoid implying affiliation or endorsement.


Copyright © 2020-2026 Tech1k