Although it is not really possible to prevent malicious users from removing the visitors, even if you water your own plant every day a malicious user could kill it.
Botany checks whether a plant is alive by checking if there is a difference in timestamps from all the waterings that is larger than 5 days.
A malicious user could create a timestamp in the past that is more than 5 days before the last time the user watered their own plant.
When the user then opens botany the plant will be killed.
A simple fix would be to discard all visitor timestamps that are before the last watered timestamp of the user themself (just like timestamps in the future are discarded).
Although it is not really possible to prevent malicious users from removing the visitors, even if you water your own plant every day a malicious user could kill it.
Botany checks whether a plant is alive by checking if there is a difference in timestamps from all the waterings that is larger than 5 days. A malicious user could create a timestamp in the past that is more than 5 days before the last time the user watered their own plant. When the user then opens botany the plant will be killed.
A simple fix would be to discard all visitor timestamps that are before the last watered timestamp of the user themself (just like timestamps in the future are discarded).