[ New OTLIST | TibiaList.org ] Real-Time & High Performance

[Sigoles]

TIBIALIST.ORG

The Next Generation of Open Tibia Infrastructure

JOIN THE BETA PREVIEW​

---

Beyond a Common Server List

TibiaList.org isn't just a directory; it’s a high-performance ecosystem designed for players and developers alike. Inspired by modern standards, we have rebuilt the concept of a server list from the ground up using cutting-edge SPA (Single Page Application) techniques and real-time data streaming.

Core Features for Players

• Real-Time Latency & Monitoring: Precise global ping analysis and active monitoring that scans the network every 30 seconds (edited from 10 to 30 to prevent timed out in some servers).
• Rich Interactivity & Data Viz: Experience fluid interfaces with interactive graphs for uptime/players and a seamless server visualization.
• Advanced Filtering: Find your perfect world using deep filters for engine version, PvP type, rates, and even bot/MC policies.
• High Legibility & Modern UI: A clean, "Emerald-Dark" flat design optimized for focus and accessibility.
• Like & Favorite System: Help hidden gems grow! Our like system gives visibility to high-quality small servers that deserve a chance.

The Developer & Owner Suite

• 100% Automated: No more waiting for manual approvals. Our interactive step-by-step system handles placements instantly.
• Intelligent Anti-Spoof: Sophisticated algorithms to detect fake players without being invasive or damaging your server's privacy.
• Developer Insights: Access unique tips, market share data, and historical trends to improve your server.
• Customizable Widgets: Embed real-time activity charts and ping maps directly on your own website.
• Server Genealogy: An animated "Family Tree" that automatically groups servers sharing the same domain or IP addresses.
• Email Alerts: Get notified instantly the moment your server goes offline (or comes back online).
• Protocol Mastery: Full support for XML and Binary reading, utilizing multiple proxies to verify servers.

Technology Stack

• Ultra-Fast Navigation: Powered by Hotwire Turbo for partial DOM updates without full page reloads.
• AI Integration: Integrated AI for generating smart server descriptions and catchphrases.
• Multi-Language Support: Fully translated interface (EN, PT, ES, PL) with automatic detection.
• Public & Private Downloads: A secure hub for custom RME, custom clients, and dev tools.

Found a bug or have a suggestion? Please let us know! We are more than happy to listen to your feedback and work together to improve the platform. Your input is essential for the evolution of the project.​

---

STILL IN ACTIVE DEVELOPMENT
We are in a Beta-Preview stage. Expect constant improvements, maintenance, and new features as we refine the ultimate tool for the community.

Check it out now: TibiaList.org​

 

[diasnunesr]

I found the site very interesting, good idea, the best success is the successive set of errors.

Good luck!

 

[eufonia]

another otlist that no one is going to use

 

[Sigoles]

another otlist that no one is going to use

I've been in the admin seat, so I know visibility is key. We're securing streamer partnerships and Ads to drive traffic for owners, but we're also focusing heavily on the player experience. If the players enjoy using the site to find servers, everyone wins.

 

[Marko999x]

good luck

 

[VitoxMaster]

I will sign up for sure. Good to see that there is not only otservlist option.

 

[Webtimize]

Please let us know! We are more than happy to listen to your feedback and work together to improve the platform. Your input is essential for the evolution of the project.​

Bet


1. The logo says "global tracker", the text below it says "The largest active community in Latin America". Wasn't it a glorified server list?
2. Your vague marketing description (that looks chatgps asf ngl) says you are going to create some "infrastructure"? Wasnt it a glorified server list?
3. The moment you publicize the graph of players online per server, it will show they are spoofing. Aint no server owner gonna self snitch.
4. Also the meta desc isn't even english and will be cached anyway. Makes no sense to put how many people on how many servers online there.
5. All your modals are visible wtf?
6. Not that you would care but cip has fucked around with sites providing mirrors for their clients
7. The ping is from your server to theirs? The pings you show are useless because it's from you to them. Im in europe with 180 ping to germany and 43 ping to usa. Also the ping for querying a server does not reflect actual gameplay ping.
7a. I read somewhere in your site source that its based on a selected location. Is that a calculation? An estimate? Mere hope?
8. You state you query every 10 seconds, you can be timed out on some servers.
9. No player cares about your technical jargon being used, it's like saying "I have a Bugatti MF-V10", to someone that doesnt know cars. They wouldnt know what to make of it. Also it doesnt even exist but so arent the features you spit above.
10. If a server owner needs your email notify for downtime, maybe they shouldnt be hosting a server anyway
11. Public, reindexed downloads that are already available. Lets decentralize resources more.
12. ?????????? (see image)

13. People keep forgetting what an org domain is for, but i get it, the market is scarce for a good domain
14. Translation is almost nowhere, unlike advertised
15. AI integration for the braindead server owners, to everyone their own i guess. Answers question 2 tho
16. Your worker is down? because none of the data matches any other site at the moment of writing
17. You're using different (also, both stolen) logo's in your thread as on the website

I've been in the admin seat, so I know visibility is key. We're securing streamer partnerships and Ads to drive traffic for owners, but we're also focusing heavily on the player experience. If the players enjoy using the site to find servers, everyone wins.

In what way do streamers drive traffic to you and not to the servers lol? Hard watch you are in "beta preview stage" and already showing "premium" spots. I've done exactly what you're doing, just to see how many servers were spoofing. With a fuck ton of data behind it, and there is no need for that shit with this low traffic. Looks more like the 3382th "me good for community, me decentralize more by wanting to centralize".

It's extra funny that I went to press the post button and saw 2 other threads going to do the exact same.

Not much to refine, alot to complete. Good luck with your !

~edit, forgot to ask; you ripped that template didnt you?
~ more edits because that shits a mess
~ you are breaking rule 4 and 11 i suppose but /shrug

 

[Stanos]

Site is so good that it requires recaptcha confirmation without displaying recaptcha confirmation

 

[Sigoles]

Site is so good that it requires recaptcha confirmation without displaying recaptcha confirmation

Hi, we are using reCAPTCHA v3, which is completely invisible without interactions (the automatic verifier works by scores). We will be switching to version v2 today, which is invisible to regular users and will display a challenge to "suspicious" users (with low scores). Thank you for the feedback, we will improve the list.

Post automatically merged: Feb 7, 2026

Bet


1. The logo says "global tracker", the text below it says "The largest active community in Latin America". Wasn't it a glorified server list?
2. Your vague marketing description (that looks chatgps asf ngl) says you are going to create some "infrastructure"? Wasnt it a glorified server list?
3. The moment you publicize the graph of players online per server, it will show they are spoofing. Aint no server owner gonna self snitch.
4. Also the meta desc isn't even english and will be cached anyway. Makes no sense to put how many people on how many servers online there.
5. All your modals are visible wtf?
6. Not that you would care but cip has fucked around with sites providing mirrors for their clients
7. The ping is from your server to theirs? The pings you show are useless because it's from you to them. Im in europe with 180 ping to germany and 43 ping to usa. Also the ping for querying a server does not reflect actual gameplay ping.
7a. I read somewhere in your site source that its based on a selected location. Is that a calculation? An estimate? Mere hope?
8. You state you query every 10 seconds, you can be timed out on some servers.
9. No player cares about your technical jargon being used, it's like saying "I have a Bugatti MF-V10", to someone that doesnt know cars. They wouldnt know what to make of it. Also it doesnt even exist but so arent the features you spit above.
10. If a server owner needs your email notify for downtime, maybe they shouldnt be hosting a server anyway
11. Public, reindexed downloads that are already available. Lets decentralize resources more.
12. ?????????? (see image)
View attachment 98048
13. People keep forgetting what an org domain is for, but i get it, the market is scarce for a good domain
14. Translation is almost nowhere, unlike advertised
15. AI integration for the braindead server owners, to everyone their own i guess. Answers question 2 tho
16. Your worker is down? because none of the data matches any other site at the moment of writing
17. You're using different (also, both stolen) logo's in your thread as on the website


In what way do streamers drive traffic to you and not to the servers lol? Hard watch you are in "beta preview stage" and already showing "premium" spots. I've done exactly what you're doing, just to see how many servers were spoofing. With a fuck ton of data behind it, and there is no need for that shit with this low traffic. Looks more like the 3382th "me good for community, me decentralize more by wanting to centralize".

It's extra funny that I went to press the post button and saw 2 other threads going to do the exact same.

Not much to refine, alot to complete. Good luck with your !

~edit, forgot to ask; you ripped that template didnt you?
~ more edits because that shits a mess
~ you are breaking rule 4 and 11 i suppose but /shrug

Thank you for your feedback, we will improve it with your ideas.

 

[Webtimize]

Hi, we are using reCAPTCHA v3, which is completely invisible without interactions (the automatic verifier works by scores). We will be switching to version v2 today, which is invisible to regular users and will display a challenge to "suspicious" users (with low scores). Thank you for the feedback, we will improve the list.

Post automatically merged: Feb 7, 2026

Thank you for your feedback, we will improve it with your ideas.

Please reconsider redoing your project. How the fuuuck am I able to call the query script directly?

/_sys/ping_server.php?ip=sv.kaldrox.com&port=7171&country=br&user_country=auto&user_lat=&user_lon=&t=1770479247070

Why can I access this directly? Public API as a feature yay? /_sys/getservers.php?status=all&t=1770479496804

Nothing makes sense

Care to explain or just here to promote?

Edit; this your alt for traction bro? Account made a comeback just to like your post

diasnunesr

otland.net

 

[Sigoles]

Please reconsider redoing your project. How the fuuuck am I able to call the query script directly?

/_sys/ping_server.php?ip=sv.kaldrox.com&port=7171&country=br&user_country=auto&user_lat=&user_lon=&t=1770479247070

Why can I access this directly? Public API as a feature yay? /_sys/getservers.php?status=all&t=1770479496804

Nothing makes sense

Care to explain or just here to promote?

Edit; this your alt for traction bro? Account made a comeback just to like your post

diasnunesr

otland.net

Hello, the only thing that doesn't make sense is you wasting hours trying to find flaws in a project; everything else makes sense. There's no problem with being able to query public links; there's no security flaw because we don't connect to databases in this case. But thank you for your feedback, we will block this to avoid conspiracy theories; we will always improve when there is criticism (which was to be expected from haters). You confused "public access" with "security flaw," as a supposed programmer, you should know the difference between the two.

 

[Webtimize]

Hello, the only thing that doesn't make sense is you wasting hours trying to find flaws in a project; everything else makes sense. There's no problem with being able to query public links; there's no security flaw because we don't connect to databases in this case. But thank you for your feedback, we will block this to avoid conspiracy theories; we will always improve when there is criticism (which was to be expected from haters). You confused "public access" with "security flaw," as a supposed programmer, you should know the difference between the two.

So you ask for feedback, get it and call it hate? I didnt have to waste hours, it was some mere minutes because everything is soo obvious. HYou promote this shit like its some dope elegant system but doesnt even follow best practices. Never said anything about security, because I assumed there is none. But you call that public access, I read. You just can't have criticism because you don't want to admit that it's a steamy pile with a slick story around it. You look like a leech with make-up.

REST API Best Practices

REST API design best practices guide us in building timeless APIs that are scalable, secure, efficient, and integrate seamlessly with other systems.

restfulapi.net

PHP Standards Recommendations - PHP-FIG

We're a group of established PHP projects whose goal is to talk about commonalities between our projects and find ways we can work better together.

www.php-fig.org

W3Schools.com

W3Schools offers free online tutorials, references and exercises in all the major languages of the web. Covering popular subjects like HTML, CSS, JavaScript, Python, SQL, Java, and many, many more.

www.w3schools.com

The Python Tutorial

Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python’s elegant syntax an...

docs.python.org

Post automatically merged: Feb 7, 2026

Hi, we are using reCAPTCHA v3, which is completely invisible without interactions (the automatic verifier works by scores). We will be switching to version v2 today, which is invisible to regular users and will display a challenge to "suspicious" users (with low scores). Thank you for the feedback, we will improve the list.

Post automatically merged: Feb 7, 2026

Breaking GDPR too, very nice. But you wouldn't know what that means and even how you broke it.

 

[Sigoles]

So you ask for feedback, get it and call it hate? I didnt have to waste hours, it was some mere minutes because everything is soo obvious. HYou promote this shit like its some dope elegant system but doesnt even follow best practices. Never said anything about security, because I assumed there is none. But you call that public access, I read. You just can't have criticism because you don't want to admit that it's a steamy pile with a slick story around it. You look like a leech with make-up.

REST API Best Practices

REST API design best practices guide us in building timeless APIs that are scalable, secure, efficient, and integrate seamlessly with other systems.

restfulapi.net

PHP Standards Recommendations - PHP-FIG

We're a group of established PHP projects whose goal is to talk about commonalities between our projects and find ways we can work better together.

www.php-fig.org

W3Schools.com

W3Schools offers free online tutorials, references and exercises in all the major languages of the web. Covering popular subjects like HTML, CSS, JavaScript, Python, SQL, Java, and many, many more.

www.w3schools.com

The Python Tutorial

Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python’s elegant syntax an...

docs.python.org

Okay, thank you for your feedback. I appreciate constructive criticism; you pointed out some flaws and we will correct everything (such as the translation, we have 6000 lines translated, but some are missing, we will look into this issue in the coming days), since this is a preview phase, it is normal to have imperfections (silly imperfections). Some reports have already been fixed, such as issues with captcha v3 scores; the user @Stanos who reported them can now register the server.

 

[Webtimize]

Okay, thank you for your feedback. I appreciate constructive criticism; you pointed out some flaws and we will correct everything (such as the translation, we have 6000 lines translated, but some are missing, we will look into this issue in the coming days), since this is a preview phase, it is normal to have imperfections (silly imperfections). Some reports have already been fixed, such as issues with captcha v3 scores; the user @Stanos who reported them can now register the server.

Some flaws lmao. Imperfections is not the same as shipping an unfinished project and call it a beta. Nothing is finished. Calling it silly imperfections just speaks for you level of understanding what good software is. Would never dare to run anyting compiled from your closed-source business scheme, based on how you developed the website.

Im still going to leave you in the dark on recaptcha, because I wasn't talking about some "bug". It's called non-compliance, maybe check the terms of reCaptcha.

 

[Sigoles]

Some flaws lmao. Imperfections is not the same as shipping an unfinished project and call it a beta. Nothing is finished. Calling it silly imperfections just speaks for you level of understanding what good software is. Would never dare to run anyting compiled from your closed-source business scheme, based on how you developed the website.

Im still going to leave you in the dark on recaptcha, because I wasn't talking about some "bug". It's called non-compliance, maybe check the terms of reCaptcha.

Thanks for the feedback. Calling public GET parameters via a URL isn't a vulnerability; it's standard web behavior. However, enforcing strict access controls (like blocking direct API access via Referer/CORS checks) is part of our roadmap as we move from Preview to Production.

We launched the Preview yesterday explicitly to gather this kind of feedback and stress-test the system. Rest assured, standard hardening is being rolled out daily. If you find actual security exploits (SQLi, XSS, etc.), feel free to report them properly.

 

[SneakyNinjaCat]

"Wow, 'High Performance' indeed - mostly in the Ctrl+C / Ctrl+V department.

It’s hilarious how you claim this is a 'new' and 'real-time' project when it’s basically a 1:1 skin-job of The Largest Open Tibia Server List - otservers.online (https://otservers.online). Calling this an original work is like putting a Ferrari badge on a stolen bicycle.

The only thing 'High Performance' here is how fast you managed to scrape their frontend. If you're going to 'innovate', at least try to change the CSS so it’s not so painfully obvious to everyone. Stop wasting the community's time with low-effort clones."

 

[Sigoles]

"Wow, 'High Performance' indeed - mostly in the Ctrl+C / Ctrl+V department.

It’s hilarious how you claim this is a 'new' and 'real-time' project when it’s basically a 1:1 skin-job of The Largest Open Tibia Server List - otservers.online (https://otservers.online). Calling this an original work is like putting a Ferrari badge on a stolen bicycle.

The only thing 'High Performance' here is how fast you managed to scrape their frontend. If you're going to 'innovate', at least try to change the CSS so it’s not so painfully obvious to everyone. Stop wasting the community's time with low-effort clones."

Interesting perspective. While UI trends in the OT community often converge towards what works (clean, dark, data-dense), claiming the backend is a clone shows a lack of technical analysis.

Unlike the example you mentioned, our 'High Performance' claim isn't marketing fluff. We are running a completely custom-built engine with:

1. Physics-based Latency: We don't use random ping values; we use Haversine formulas for real-time distance calculations based on user location.
2. Optimized SQL Wrappers: Our database queries are built for scale, not copy-pasted legacy code.
3. Real-time Socket Checks: Our status checkers are asynchronous and built from scratch.

Inspiring design layouts is standard in web dev; cloning backend logic is a different accusation entirely—and one that is false here. Feel free to check the actual performance metrics instead of judging the CSS.

 

[Webtimize]

Thanks for the feedback. Calling public GET parameters via a URL isn't a vulnerability; it's standard web behavior. However, enforcing strict access controls (like blocking direct API access via Referer/CORS checks) is part of our roadmap as we move from Preview to Production.

We launched the Preview yesterday explicitly to gather this kind of feedback and stress-test the system. Rest assured, standard hardening is being rolled out daily. If you find actual security exploits (SQLi, XSS, etc.), feel free to report them properly.

Again never said anything about vulnerability. CORS is a default, not a roadmap feature. I wouldn't even care to dissect under the hood because on the surface level it is already shit. That's a service you don't need to rely on as a business. Nothing open to your Tibia brother.

Leeeeech

Post automatically merged: Feb 7, 2026

Interesting perspective. While UI trends in the OT community often converge towards what works (clean, dark, data-dense), claiming the backend is a clone shows a lack of technical analysis.

Absolute donut, he never said you ripped the back-end. It would better if you did. Only thing that looks partially good is the stolen front-end, and where you made edits is obvious.

Front-end And Back-end Difference

For those who think it's easier to annoy you than to Google 'Front-end and back-end difference' themselves.

letmegooglethat.com

Not even going to respond to the bogus shit you said after that

 

[Sigoles]

Again never said anything about vulnerability. CORS is a default, not a roadmap feature. I wouldn't even care to dissect under the hood because on the surface level it is already shit. That's a service you don't need to rely on as a business. Nothing open to your Tibia brother.

Leeeeech

Post automatically merged: Feb 7, 2026

Absolute donut, he never said you ripped the back-end. It would better if you did. Only thing that looks partially good is the stolen front-end, and where you made edits is obvious.

Front-end And Back-end Difference

For those who think it's easier to annoy you than to Google 'Front-end and back-end difference' themselves.

letmegooglethat.com

Not even going to respond to the bogus shit you said after that

"He never said", he = you. "I wouldn't even care" ^^. Im done

 

[Webtimize]

"He never said", he = you. "I wouldn't even care" ^^. Im done

1. You are citing him, not me, neither me nor he ever said you ripped the back-end, just the front-end
2. I wouldn't care to do your pentesting, thats not what a beta is.