Actually captcha these days is nearly full proof. Bots can't select street lights or click on buses in the captcha photos. The captcha of 2005 was easy to defeat which was just a simple 4-6 letter captcha but these days it's full proof.
If you're on a "clean" IP address, you can also use the audio captcha solver
buster, which is a browser extension that feeds the audio challenge back into Google's own speech recognition software. Captcha has gotten more advanced, but so have the tools used to solve them. It's an endless arms race.
Once I had my own faucets and gave up running them just because of the endless fight with continuous modernization of security. About once every two weeks, someone was cleaning the faucet's address. Not only the captcha was bypassed. Hackers found ways to bypass waiting time, they was finding some backdoors in script. Something new every time. I just lost my patience.
Ps. On other hand, I'm not a programmer, so I used other people's scripts. At one point I was almost sure that people were writing scripts for faucets with backdoors, only to steal from them later. But that is other story..
Running a faucet, exchange, online casino... etc is serious business.
People see all these casinos/exchanges like freebitco.in, primedice, binance making lots of money but there is a reason for that. Not everybody can do it. If it was that easy, then everybody would do it and nobody would make any money. Supply and demand as always.
In your situation though... running a free script? These people put them there just so they can hack your business later. You either code it yourself or hire someone for the job. Either way it is never easy or cheap.