CaptainAmerica

Hello, Let's say that my computer has a 4k resolution (3840x2160). And let's say that I don't always like to have 3dxchat maximized around the whole screen, I usually have it configured to run at 2560x1440 Windowed and of course UI Scaling 2.0x cause everything looks real small when using 4k. 1st bug) When you use 2.0x UI Scaling, indeed everything becomes larger except for the players names. Please make the players names enlarge the same way as everything before I lose my eyes to this game 2nd bug) When you use 2.0x UI Scaling in combination with Windowed, dialogs like: unfriend confirmation, delete picture confirmation, delete gift confirmation, are being rendered outside of the visible game window, in other words those dialogs are not visible at all. At first it seems like they just don't work at all but if i switch to UI Scaling 1.0x every dialog appears normally. Regards

Hello, As the title suggests, when people are using big resolutions (ex. 4k) in combination with UI scaling, everything scales as expected except for player names. Font size of player names should scale together with UI scaling option, or there should be a separate option for those if you don't want to mix them. The attached screenshot has UI scaling option set to 2x. It hurts my eyes trying to read the names Regards

From my personal experience, DDoS attacks don't last that long. The biggest attack I have personally seen happening in networks that I manage, a bit more than 24 hours. So... Either the attacker has lots of money to spend and doesn't care, or maybe something else is happening that we don't know of. I couldn't tell. We just have to assume that they are doing the best they can.

I don't know what is your background or what experience you have (you also don't know mine). Unless you have your own AS number, run BGP and have a few multi-path links you don't have full control of how to mitigate a decent DDoS attack. If you just rent a few dedicated servers or VPS just like 3dxchat is doing, there are not many things you can do. You just take what kind of internet connectivity the datacenter gives you and in case you are under attack you are just in contact with them so that they can solve the issue. I can assure you that a majority of big datacenters don't have DDoS protection at all. It is critical that they route all their traffic through some service like Cloudflare (like they do now) in order for your real backend IP to not be known to the attacker. I'm 100% positive that the attack is happening directly on the backend because if they were attacking Cloudflare there would be no issue. Using some decompiler on the client or even easier, using a packet sniffer you can easily get the backend's IP since this is exactly where all the clients connect to for authentication and real-time chat and actions. You say that I don't know what I'm talking about, but you are saying unrealistic things. I am always speaking with the current situation in mind. I could say that if you're under attack, just do a BGP peering with Google and announce your AS number over that link since they obviously have the capacity to mitigate the attack. Or just move your entire server to a datacenter that colocates some huge ISP and do a local peering with them lol but these are not a realistic scenarios. Since their real backend's IP is exposed, there is not much they can do right now. They just chat back and forth with their datacenter's network team and hope that they know what they're doing. Of course if everything was going through Cloudflare (paid not the free one), we would be having a totally different conversation right now. Also, imagine being in a sex game's forum and trying to show who is the biggest tech nerd lol XO

you earned a like for being nice

@xAGONYx All I'm saying is that i'm 99.99% certain that it is out of their hands. They just keep exchanging emails with the datacenter hosting the server. In some (rare) cases downtime of 24h is a real thing depending on how big the attack is. I guess we'll have to wait and see. The forums are on different backend server than the 3dxchat.com. Obviously the attacker wanted to save some $ and attacked only one of those.

Obviously I did some exaggeration there since I have no way of actually knowing what this radio server is all about. But the main fact remains. 600 stable connections are completely different of a DDoS attack which can be consisted of connections in the count of hundreds of thousands per second. 1) Have a look at Cloudflare's homepage lol They clearly state they protect from DDoS. It's not just a CDN, it also provides DDoS protection and you must accept it this 2) 3dxchat.com is working partially as I stated in my original post. Meaning that you are only seeing "cache" and nothing dynamically created on the server side. I dare you to try to login the "members" area. If the attacker is smart, he would attack directly on their backend's IP at the port where their nodejs service is listening to. This is where the real-time part of the game resides. I believe you can understand that if the backend is down due to attack, cloudflare cannot contact it. 3) Every cache object has TTL (time to live) which means that if you could see the main page 10 minutes ago and now you can't, it's simply because cache object is expired and now Cloudflare requests newly fetched object to cache. If at some point after the page was not working, you see it working, it obviously means that the server sometimes responds and sometimes it doesn't. Typical DDoS attack behavior which is not very easy to mitigate. But I also appreciate your time to come here and comment despite the fact that I didn't mention any names :) It means you feel offended and that the butt-hurt is real :) Don't be a jerk, let them do their job.

Everyone here suddenly became an expert on DDoS attacks and how to stop them. "You should have done this and that" (yeah i'm sure you're friends with Captain Hindsight from south park) "Everyone knows you can recover from DDoS in 2-5 hours" (your $10 radio station with 20 people listening has nothing in common with this scenario) "devs are lazy" (show us the way and do what they do but do it better just to show us) "Cloudflare does not protect against DDoS, they only give you infrastructure" (Cloudflare does exactly that. Protects from DDoS attacks because they have huge amounts of bandwidth. And this is exactly the reason why their main page 3dxchat.com is still partially working. Game protocol however does not necessarily go through Cloudflare to avoid caching which is bad for real-time protocols) "You can stop DDoS attacks by installing special server software to ban IPs" (your wordpress brute-force password login attacks have nothing to do with real DDoS attacks lol I guarantee you that if you had the specific attack on your server, it would go 100% cpu just from firewall trying to block all this traffic and eventually your server crashes. DDoS attacks are never being stopped at the server side. It is stopped with the help of infrastructure meaning routers and layer3 switches) "An error 522 is easy to fix" (522 error means that Cloudflare cannot contact the server in order to serve the requested page. It can mean a number of things and depending on what is happening, can be easy to fix or can be super difficult to fix. In the case that some of the game requests are being done directly into the server (and not through Cloudflare) to avoid caching, I'd like to see you try to do an easy fix on this) You simply can't recover that easily during an active DDoS attack. This is a battle of who has the most bandwidth. You? Or the attacker? There is nothing you can do if the attack is of higher bandwidth than what your provider has. Even ISP grade routers just die when facing let's say a 10 Gbit attack with a million packets /sec. When stuff like this happens, all you do is contact your isp (and then they contact their isp and so on) to start dropping packets and blocking connections and in an extreme scenario they can even disable your server's port on the switch (like unplugging the ethernet) until the attack stops because this actually does harm to the rest of the clients in the same datacenter. So please don't play the know-it-all card and don't be a jerk. Just let them do their job. I'm sure they're doing the best they can.

Hello, I know this is an old post but since lots of people are talking about this, I wanted to set the record straight letting people, who are interested in this, know that Pandora shut down on its own and not because of game modifications that rendered Pandora inoperable. Pandora has also consulted 3DXChat (for free) on how to make the game more secure and giving advice on how to make sure no other Pandora-like clone can exist. Regards