A user with the email criansari3@gmail.com (IP: 67.190.30.191) has been attacking our Firebase database relentlessly for weeks now. Since the new year, attacks have ramped up and accrued costs of $7.50 in just 3 days. At that rate, it would be expected that it would cost $75/month to keep the database online. Being that Chattable is a free project funded by my own paycheck, this is unsustainable.
The database will remain down until further notice.
Cloudflare an option you're open to? I know their free plan has ddos protection.
Also, Discord?
NOOO I was just planning to add a chatbox :<
Have you reached out to Google/Firebase on the matter? Can't you ban their IP/email?
I have reached out to Firebase; the attacker has been jumping VPNs since their home IP was leaked. Firebase won't do anything. Firebase also can't be looped through Cloudflare; the server is fine, but the database is hosted by Firebase, which offers no spam protection.
The only real option is to prevent the public from reading chat data directly from the database and loop all read requests through my server. I did this with writes when I switched to a backend, so expect a similar amount of downtime as then.
Hmmm. You could: 1) Firebase App Check, a good way to block scripts/bots regardless of their VPN. 2) Backend proxy: move reads to your backend, and then you could use Cloudflare's free bot shield. 3) UID ban in rules: hardcode a "deny" in your security rules? Firebase won't charge for requests blocked by rules.
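As an added illustration of option 3 above (this is example rules content, not Chattable's actual rules): a Firebase Realtime Database ruleset that refuses unauthenticated reads outright and denies any UID listed under a server-maintained `banned` node. The `messages`/`$room` layout, the `banned` node, and the choice of the Realtime Database rules syntax (rather than Firestore's) are all assumptions; the claim that rule-denied requests are not billed is the commenter's, not something this example verifies.

```json
{
  "rules": {
    // Only the backend (Admin SDK bypasses rules) maintains this list;
    // clients can neither read nor edit it.
    "banned": {
      ".read": false,
      ".write": false
    },
    "messages": {
      "$room": {
        // Require a signed-in user AND require that their UID is absent
        // from /banned. Anonymous scripted reads are refused before any
        // data is returned.
        ".read": "auth != null && !root.child('banned').child(auth.uid).exists()",
        ".write": "auth != null && !root.child('banned').child(auth.uid).exists()",
        "$messageId": {
          // Each message must carry the writer's own UID, so a banned
          // account cannot spoof another user's entries.
          ".validate": "newData.child('uid').val() === auth.uid"
        }
      }
    }
  }
}
```

A UID ban only covers accounts you have already identified; an attacker who registers fresh accounts needs the other two layers (App Check, or reads proxied through a backend with its own rate limiting). The `banned` node is written by the server with the Admin SDK, which is not subject to these rules, so no client path can grant or revoke a ban.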
* This Immovable Object Must Be: Terminated * I Don't Have Any Cages LMAO
I thought I messed up my code, but it's apparently broken on all of chattable? I hope this issue will be resolved soon, good luck!
Can someone please explain to me why, WHY is someone attacking a free chat tool FOR WEEKS? Hope you can sort this out soon :/
The following steps will be to migrate from Firebase and fully host the database on my server. Bear with me, as it will be a lengthy process leaving Firebase. If you need any data (chat data or account data) from our database (or want it removed), email us.
So sorry Andrew :/
Why the flip would somebody attack a free service like this? Sorry you have to go through this Andrew.
so sorry this is happening!! hope you can figure it out soon, big chattable fan over here :)
To put into perspective, with tens of thousands of users, costs usually float around $0.03/day or $0.40/month for the database alone. I also have to maintain server costs, domain costs, private email costs, and more.
What would 1 year of operations costs be for you, all things considered?
Without the attacks, all costs considered, it rounds up to about $810/yr ($65/mo for my server, $15 for yearly domain registration, $15 for email, and $10 maybe for database costs); however, with attacks inflating costs for Firebase due to excessive logins & reads, that adds $75/mo, which adds another $900 annually. Not something I'd ask the public to fund. It's better to solve the problem than succumb and pay.
That's only to mention $75 at the current rate of attacks; if an attacker had more machines, they could exponentially inflate these numbers even more.
Oh hey wait, are you sure you should've put their IP and email publicly here? Not trying to accuse you of anything, I'm just curious if putting this information could lead to people finding them. It doesn't make sense why somebody would attack a free service like this; I'm genuinely curious why.
Holy crap, dude, please set up a Patreon or other monthly contribution page. A reward could be as simple as access to a community Discord. I admire you for providing a free service, but you don't have to take on that financial burden to provide it. I know you have a Ko-fi link on your page, but a $1 per month subscription seems like it could be more reliable than a one-time $10 donation.
Shiiii, I thought Chattable was just broken; knowing a bad apple has been DDoSing Chattable is just vile... hoping you can find a way to fix this mess, even if it means donating to help!
Sorry to hear you've been dealing with hell for no reason besides someone deciding to be malicious. We appreciate your free service, dev!
ETA: I have no timeline for this. With a change of work hours last year and a lack of motivation on my days off, paired with the amount of time & effort required to rewrite as much as I need to (to patch the abusable exploit), I just cannot faithfully provide an ETA. It could be days, or months.