• NOTICE: ZooVille's forum software was updated from version 2.2.13 to version 2.3.7 on December 27th, 2025. Expect bugs and hiccups, we are working on getting them fixed:

    List of what's fixed/unfixed: CLICK HERE!
    General information: CLICK HERE!

Zooville Feedback and bug reporting thread.

I can only stay on the site for about 5 minutes before it seemingly routed my IP to a DNS black hole.. I have to keep changing my VPN IP.. I've tried other browsers, checked extensions, and even turned VPN off (I know I know)... I'll be browsing, and suddenly it just goes to a page not found.. No idea what to really do about this or why it's happening.
 
Last edited:
GlimmeringGreen said:
I can only stay on the site for about 5 minutes before it seemingly routed my IP to a DNS black hole.. I have to keep changing my VPN IP.. I've tried other browsers, checked extensions, and even turned VPN off... I'll be browsing, and suddenly it just goes to a page not found.. No idea what to really do about this or why it's happening.
Click to expand...
Turning the VPN off puts you at considerable risk. Using your real IP with default Google DNS and browser javascript enabled would make you comparatively easy to trace if/when this site should ever be compromised and the server seized. Try setting the VPN to Switzerland or Sweden and if you cant use Datacamp servers/DNS through your VPN then use Cloudflare or Quad9 for your DNS.
 
bf100100100 said:
You are not the only one. It's only very recent for me. I keep changing VPN server every minute. Same message as you "Page could not be loaded". I suspect a misconfigured rate limiting function to prevent bots and DDOS attack.

I have an idea of what might be happening:
The server owner might have configured the server to blacklist any IP that performs more than let's say 100 request per minute. Once blacklisted, the server drop your connection until the blacklist timeout is over. You might think "A 100 requests per minute is a lot", but it isn't. You see, loading a single page does not equal 1 request. Every time you load a page, you browser has to load all resource files. That include Javascript files, image files, styling files, and more. So loading a page a single time will produce a burst of let's say 105 requests. Obviously the count will be slightly lower the second time because of cashing, but you can see how easy you can get blacklisted with such a low number.

On the other hand, putting a number higher to fix that will basically render your anti bot or DDOS useless. That's because bots for example do not care about images and other resources. So you allow it to perform 100 or more malicious requests before getting blacklisted.

The solution is to not enforce this rule on resources: any requests that fetch a file that ends with .png, .jpeg, .css, ect... This way you can keep the limit rate low without affecting real website traffic.

I work and manage multiple servers. NGINX, PHP, APACHE2, REDDIS and such... My hope is that a server admin sees this and if it is the issue, it can be fix.
Click to expand...
It would be nice if the anti-flood anti-ddos measurements would work in conjunction with the user that is triggering it.
Valid and verified users should not trigger this thing at all.
And yes, one visit to even the overview generates 30 http(s) requests. Let alone view a thread with media and avatars and stuff.......
 
Der.Zoomer said:
It would be nice if the anti-flood anti-ddos measurements would work in conjunction with the user that is triggering it.
Valid and verified users should not trigger this thing at all.
And yes, one visit to even the overview generates 30 http(s) requests. Let alone view a thread with media and avatars and stuff.......
Click to expand...
Ayo, it's Der.
 
majolica said:
you comparatively easy to trace if/when this site should ever be compromised and the server seized
Click to expand...
If the server is seized by the authorities, the authorities request will also go to the VPN service providers and they will give out the original IP addresses. This is a huge misconception that many people do not understand, VPN is not a security solution. VPN is there to allow you to view sites that are restricted in your country or buy products cheaper. Its protective ability is such that if you click on a thief link similar to the previous case, an angry user will not see your original IP address. It does not protect anything from official proceedings, just like Telegram, Signal, Matrix, or Proton. They all give out user data.

The real IP address also only indicates the geometric center of the nearest city, not the real location. This is usually the location of the ISP's distribution center, but it is not accurate. It is usually 30-40 km off. It can only produce accurate results if someone is stupid enough to allow the browser to query and transmit GPS/GSM data on their phone, and then has to click on the thief's link in the previous case.

This site has been up and running for 6 years, how many indexes do you think have been created since then? Plus, most of it was public. Most ISPs save the logs. People are really unaware of how this works. If you're here this site, you've already been caught.
ba-dumm-tss
 
MashaSobaka said:
If the server is seized by the authorities, the authorities request will also go to the VPN service providers and they will give out the original IP addresses. This is a huge misconception that many people do not understand, VPN is not a security solution. VPN is there to allow you to view sites that are restricted in your country or buy products cheaper. Its protective ability is such that if you click on a thief link similar to the previous case, an angry user will not see your original IP address. It does not protect anything from official proceedings, just like Telegram, Signal, Matrix, or Proton. They all give out user data.

The real IP address also only indicates the geometric center of the nearest city, not the real location. This is usually the location of the ISP's distribution center, but it is not accurate. It is usually 30-40 km off. It can only produce accurate results if someone is stupid enough to allow the browser to query and transmit GPS/GSM data on their phone, and then has to click on the thief's link in the previous case.

This site has been up and running for 6 years, how many indexes do you think have been created since then? Plus, most of it was public. Most ISPs save the logs. People are really unaware of how this works. If you're here this site, you've already been caught.
ba-dumm-tss
Click to expand...
I do agree with you on some level, but some VPN providers do not log your ip and traffic. And some of them operates in countries outside the jurisdiction of countries that would request such data. ProtonVPN and NordVPN is two good choices.

ProtonVPN operates outside the jurisdiction of many countries and claim to not log. NordVPN, while operating within such jurisdiction, do not log traffic, and they have official certification to back this out. There's no law that force them to log traffic within countries they usually operate.

In short, VPN can be a good tool to protect your identity, so long you choose the right one.

To stay on topic, It's also wroth noting that the server itself does not log your ip unless configured to do so on purpose. If they are using temporary IP blacklisting or rate limiting rules, they are mostly stores in volatile memory (ram) which gets cleared out on reboot. The server provider though might log traffic but that depends of the server provider.
 
Damn, looks like everyone else is having the same problem connecting. No idea how long DDOS attacks last, theoretically it has to end at some point, but that could literally be years if there isn’t a way to stop it. I appreciate the mods and everyone else working to fix it, cause unfortunately this is completely out of the hands of all the users.
 
bf100100100 said:
To stay on topic, It's also wroth noting that the server itself does not log your ip unless configured to do so on purpose. If they are using temporary IP blacklisting or rate limiting rules, they are mostly stores in volatile memory (ram) which gets cleared out on reboot. The server provider though might log traffic but that depends of the server provider.
Click to expand...
Web servers generally log them by default. Access and Error logs. Unless they're set to delete after a certain time or not have them at all and just use it when troubleshooting.
To anyone freighted. Web servers do that. They just show what pages were accessed. They don't say what you typed.

Flint said:
Damn, looks like everyone else is having the same problem connecting. No idea how long DDOS attacks last, theoretically it has to end at some point, but that could literally be years if there isn’t a way to stop it. I appreciate the mods and everyone else working to fix it, cause unfortunately this is completely out of the hands of all the users.
Click to expand...
I sent something to SloppyTac0 on the telegram group a couple of days ago, so its whenever he seems it convenient to look after a site hes been hosting for ages.
Xenforo was never fully updated, just the one tiny update when moving servers. So they tells you how often he gives a crap.
 
dogluver101 said:
Web servers generally log them by default. Access and Error logs. Unless they're set to delete after a certain time or not have them at all and just use it when troubleshooting.
To anyone freighted. Web servers do that. They just show what pages were accessed. They don't say what you typed.


I sent something to SloppyTac0 on the telegram group a couple of days ago, so its whenever he seems it convenient to look after a site hes been hosting for ages.
Xenforo was never fully updated, just the one tiny update when moving servers. So they tells you how often he gives a crap.
Click to expand...
You are a 100% right about the logs.
 
For now the only workaround I found is vpn server hopping. But that logs me out, so a bunch of the http request quota is still spent just logging back in and accessing the pages again... I hope the server admins can take a look at this soon, in the current state the forum is basically on slowmode :/
 
horseplougher said:
For now the only workaround I found is vpn server hopping.
Click to expand...
Your VPN and anything you do with it has ABSOLUTELY NOTHING to do with the problem or "solving" it. Any "help" you see from "server hopping" is pure coincidence that the DDOS attack bandwidth abates at the same time you hit the refresh on a new server.
 
horseplougher said:
For now the only workaround I found is vpn server hopping. But that logs me out, so a bunch of the http request quota is still spent just logging back in and accessing the pages again... I hope the server admins can take a look at this soon, in the current state the forum is basically on slowmode :/
Click to expand...
Enjoy it. Its a new feature. Mentioned in the main admin chat group, and no response. So it's whenever its convenient for him. Doesn't bother Sloppytac0, since he never logs in.
 
dartel said:
Your VPN and anything you do with it has ABSOLUTELY NOTHING to do with the problem or "solving" it. Any "help" you see from "server hopping" is pure coincidence that the DDOS attack bandwidth abates at the same time you hit the refresh on a new server.
Click to expand...
I did not say it solves the problem, i just mentioned that it seemed to work in my case. I don't have cysec/webadmin experience so I have no clue about the reasons behind this. If it's as you say though, wouldn't that mean the peak usage times would affect how this issue occurs? I've been trying to use the site throughout the day and the behavior is identical no matter when I do...
 
horseplougher said:
If it's as you say though, wouldn't that mean the peak usage times would affect how this issue occurs? I've been trying to use the site throughout the day and the behavior is identical no matter when I do...
Click to expand...
It's not usage. It's an ATTACK that ASSAULTS the bandwidth. It's not constant, you get disrupted when the attack hits and get through when it abates. How is this so fucking hard to understand?
 
dartel said:
It's not usage. It's an ATTACK that ASSAULTS the bandwidth. It's not constant, you get disrupted when the attack hits and get through when it abates. How is this so fucking hard to understand?
Click to expand...
Eh, whatever. All i did was state my experience with it. No point getting defensive about it, it's out of our control. Plus i'm pretty sure the site isn't under 24/7 successful ddosing, otherwise we wouldn't even be having this conversation. It's highly strict anti ddos measures affecting the usability. But either way let's just move on, not feeling like getting shouted at for free here.
 
I have the same problem, after 5-10 minutes on the site, the connection gets stuck. I have better stability when connecting via tor website.
 
curious_02 said:
I have the same problem, after 5-10 minutes on the site, the connection gets stuck. I have better stability when connecting via tor website.
Click to expand...
You have better stability because the issue is tied to the IP. Something along the way blocks the IP after a certain amount of requests within a specific time frame. I won't get into specifics but when using Tor, the ip changes often as you go through many different nodes.
 
Figured something was going on when I can only look at one thread before I get the error message everyone else seems to be getting.
 
I love browsing exactly three fucking posts before Xenforo decides to play dead and go "problem connecting" for no goddamn reason. Amazing.
 
Hello there,

since a few days I can browse the board for like 3 minutes. After this 3 minutes no part of ZV is loading anymore.
Is this a known problem or is it just for me?

Edit: After using a VPN it is online again. Is ZV blocking my IP for some reason?
 
Last edited:
I've faced this issue too and at first I thought it was because I was being rate limited from clicking too many threads but it would still occur even on my first visit in a few hours or the next day
Perhaps DDOS attacks? Unfortunate if so
 
You must log in or register to reply here.
Back
Top