Multicraft Or Petrodactyl

Status
This thread has been locked.
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

Dann

Managing Director @ PebbleHost
Supreme
Feedback score
49
Posts
867
Reactions
762
Resources
0
As noted before by Teconica, They will prob don't fix their security issues. It isn't a very safe panel if you don't secure your .env file and they don't tell you how to secure it in their documentation, Luckily I knew that I needed to secure that file. The only thing they care about is to add new features asap and let them be broken for the rest of the panels life.
Couldn't agree more, Part of the problem being is that the core functionality of Pterodactyl has not been finished, Its a bit like trying to build a house without good foundations sure the house might look good on top but eventually it will start to crack and fall down.
 

Xaos

×-× | Proud Owner Of | ×-× Gaming4Free
Premium
Feedback score
12
Posts
442
Reactions
194
Resources
0
I would like to react to the following Quote's


So true, My clients were experiencing the same issues. NOTE! I got OpenVZ working on Pterodactyl and they said remove it or we will cancel supporting you, That's not how a company normally offers support.


**cheaper plans** Kuch kuch, Look at pebble hosting they still can run their servers. for $1 and now on Multicraft. I don't see the issue in cheaper plans, People like to pay for reliability and security. Multicraft offers just that.



As noted before by Teconica, They will prob don't fix their security issues. It isn't a very safe panel if you don't secure your .env file and they don't tell you how to secure it in their documentation, Luckily I knew that I needed to secure that file. The only thing they care about is to add new features asap and let them be broken for the rest of the panels life.

NOTE! This is my opinion, You may hate me or like me. But I am with Dann and Teconica
Although I could agree with some of the issues with Pterodactyl they shouldnt be a big turn down point for people who use the panel for a network or for ( semi-large ) hosts. I'm sure that for Pebblehost the issues were to much to handle considering the amount of servers they host but for other semi-large hosts its completely manageable.

The security point is completely not true. It's by far the most secure panel to hosts games on and they only really faced 1 major security breach and they managed to fix it within days and they managed the problem professionally and brought out a big post explaining the issue a few weeks later to make sure everyone upgraded the panel before they brought the issue to light.
 

Dann

Managing Director @ PebbleHost
Supreme
Feedback score
49
Posts
867
Reactions
762
Resources
0
I'm sure that for Pebblehost the issues were to much to handle considering the amount of servers they host but for other semi-large hosts its completely manageable.

This is the problem and the pitfall, its manageable at a small scale for a host sure, But what if that host gets big? Its then got to deal with a huge move from Pterodactyl to Multicraft which could of been totally avoided, Exactly what we're now finding out.
 

Fishfish0001

Feedback score
4
Posts
41
Reactions
106
Resources
0
I generally don't follow along with things on this site, but I feel the need to respond to some things that were said here and clarify some serious one-way streets that have formed when it comes to Pterodactyl.

All of the users above haven't run the panel on a large scale at all, the amount of issues with it, unfixed bugs and broken sections is unprecedented. The development of the panel has slowed down recently on top of all of that.
Yeah sure, the panel might look nicer but are you going to sacrifice a nice looking panel and in turn get a broken half developed panel that breaks half the time?

[...] Here are just a few of the many issues you may run into;

Stuck on installing, PLTD, Void worlds, FTP Errors, Mismatch ID Token for FTP, Server Stuck on Attaching, Failing to rebuild containers.

I'd like to point out that your company has, to my knowledge, only reported 12 issues on Github. Of those 12, only three were ever determined to be bugs with the software, a few were feature suggestions that were either implemented or closed with valid reasons as to why we would not be completing them, and the remaining handful could not be reproduced or were ultimately solved by upgrading the software.

At no point in your use of this project did I ever see a report on our easily accessible and frequently mentioned bug tracker about issues with SFTP ID mismatches, installations getting stuck, whatever you mean by PTDL, whatever a void world is, servers being stuck attaching, or failing to rebuild. While some of these issues were reported in private, I always pointed to the Github repository as a significantly better way to track and respond to issues. I also took a significant chunk of time out of my schedule to sit down with Pebblehost and help migrate to a newer version and then go through your Panel and seek out areas for performance improvement, for free, because I care about the software I build and wanted to provide the best possible expierence not only for you, but for the community at large.

I am not denying that your company encountered issues running Pterodactyl at the scale you were. However, I find you placing all of the blame for these issues on Pterodactyl as a whole an incredibly jaded attitude. There are plenty of hosts running Pterodactyl at scale who have been able to report issues in a manner that leads to them being resolved, or implemented custom features and codebases that have allowed them to scale effectively. Stop throwing your company's size around like its some type of competition, its not. The exaggerations about the next largest host having a tiny amount of nodes and servers is absurd.

As other people have mentioned here, Pterodactyl does have some stability issues, but that's what happens when you run a beta version of any software in a production environment. Multicraft on the other hand has literally years of stability behind it, but that will likely happen with Pterodactyl in an equal amount of time.

Can the problems in Pterodactyl be fixed? Yes.
Will they be fixed fast? Probably not.
Are the Devs slowing down? Maybe a little, but otherwise no. There's a significant difference in the addition of new content and the optimization of currently in place code.

I suppose I did not make this as clear to users of the project as I could have, but development has not ceased, and there are zero plans to cease development in the foreseeable future. I have been moving cross-country and settling into both a new home and a new job, so yes development is slowed. I attempted to communicate this to users of the project, but that was perhaps not done in the most efficient or clear way possible. But overall I see where you were going and your statement is valid. Development has slowed temporarily, yes. There has also been a decrease in raw output of new features as I've been focused on improving the underlying code-base to make future development quicker and promote internal platform stability.

So true, My clients were experiencing the same issues. NOTE! I got OpenVZ working on Pterodactyl and they said remove it or we will cancel supporting you, That's not how a company normally offers support.

Pterodactyl is not, and never has been, a company offering paid support in any official manner. At no point were you told to "remove OpenVZ," nor would we have any reason to "cancel supporting you." From my search of our audit logs, you simply received laughs from members of the community for trying to run a host using OpenVZ on a platform that makes it expressly clear that it is not supported. I stand behind every member of Pterodactyl's support and project teams, and your statement is an insult to the people who volunteer hundreds of hours combined to support a free project on their own time.

As noted before by Teconica, They will prob don't fix their security issues. It isn't a very safe panel if you don't secure your .env file and they don't tell you how to secure it in their documentation, Luckily I knew that I needed to secure that file. The only thing they care about is to add new features asap and let them be broken for the rest of the panels life.

Securing your environment is on you, not us. We have made it extremely clear throughout this project's documentation and support channels that you are expected to be able to administrate your server and perform basic security hardening and ensuring that your environment is secure. Yes, we made a mistake and picked a directory structure that could expose private files to public parties when you didn't remove default web-server configuration files. Blaming Pterodactyl as a whole however is just shifting the blame from yourself to someone else.

The fact that you're running a hosting company and expect an open-source, not-for-profit piece of software to provide you with a detailed guide on how to setup and secure your server is concerning. You did not know that you needed to secure that file, as is evidenced by the deleted messages in our Discord from earlier this month.

I'm not even sure how to respond to your last sentence there, I have never rushed to release new features which is pretty obvious if you keep up with the project release cycles at all. Or just look at the change log. I'm not sure what you're pointing at as being "broken for the rest of the panel's life" but that is not how this project operates, and its exactly why we have a publicly accessible issue tracker and a Discord community to help support and point people in the correct direction.

Couldn't agree more, Part of the problem being is that the core functionality of Pterodactyl has not been finished, Its a bit like trying to build a house without good foundations sure the house might look good on top but eventually it will start to crack and fall down.

Pterodactyl has also not even reached version 1.0 and is developed by people in their free time as a personal project. So yes, if that makes us a house without a foundation, then so be it.

It is easy to find problems with software that is provided to the community free of charge with no restrictions on its use or modification. Its easy to shift the blame onto developers and community members who pour hundreds of hours of personal time into its development and maintenance. It is difficult to accept responsibility for some issues or step up to the plate and contribute back to projects that support your for-profit company.

Before I part here, I'd like to contribute some reading that I feel puts my thoughts into much better words and should be read by anyone making use of open-source software in any manner.

https://nolanlawson.com/2017/03/05/what-it-feels-like-to-be-an-open-source-maintainer/
https://caddy.community/t/the-realities-of-being-a-foss-maintainer/2728

Here’s the brutal truth for 99.9% (* not an actual figure) of open source projects, folks: you (the user of an open source project) need and rely on the project more than the maintainers do. Do not make the mistake of thinking that maintainers are emotionally tied to their projects. Definitely don’t call it their ‘baby’.

So, you have it backwards. Remember, these changes are being made because Caddy is not sustainable as-is. I don’t make a living from it. Up till now, I’ve enjoyed working on it, so sure, I’d like to make a living from it when I finish grad school. I, along with most FOSS maintainers, have nothing to lose.

Remember that next time you think you can weaponize a project’s potential (or lack of) success against its owner or maintainers.
 
Last edited:

schrej

Feedback score
0
Posts
3
Reactions
13
Resources
0
Very professional. To be fair: They also opened an issue about that.
hzbqVhL.png
 

AutoJukebox

Feedback score
0
Posts
1
Reactions
3
Resources
0
Let me give you my two cents. I've run Pterodactyl for my hosting company since April 13th, 2017. I've gone through the multiple updates, upgrades, and issues during the last year and none of the issues that have happened and that Pterodactyl itself caused were on the scale I reached that was client losing or major. Right now I run a good amount of servers and I haven't experienced any panel related bugs since before 0.6.4. The staff at Pterodactyl have done nothing but help me, I've personally asked extremely dumb questions and still got a good response.

Regarding Panel Rebuild Failures & Server Installation Failures

This was a big issue for me back in late 2017-early 2018 and Flatron from the Pterodactyl support team helped me every step of the way, We were able to diagnose and find the issue in a few days which we ended in realizing it was to do with our Kernel and Docker version on one of our nodes, Completely unrelated to Pterodactyl but Flatron still helped me through the process. To this day we still have a few rebuild errors but they usually instantly go away and I will be providing Parker with more details to see if it's still an issue just with us.

Sure, I have stupidly blamed Pterodactyl for my issues in the past but I have come to realize now that if you take enough time to look into the issue and diagnose what is going on you can generally fix any bug.

Regarding the upgrade to 0.7.6

The biggest reason we haven't upgraded is that we have so many custom features we would have to make major changes to, and I do not want to redo everything unless I know 0.7.6 will work for what my company's needs are. I will most likely start the upgrade process once the SFTP bug is fixed.

Regarding Pterodactyl's scalability

For a free, open source panel, Pterodactyl scales great, I've run hundreds of servers with little to no issues, The rebuild error (as explained in-depth above) happens maybe once every 30 servers and instantly goes away. and I have never received a mass amount of tickets with panel errors, Sure maybe we have a completely different age group in our client-base and that's why.

I'm sure with the "scale of your company" you run into issues, But I don't think it is because of Pterodactyl. If your company is so large, Why not invest in a custom solution that will 100% fit your company's needs? (Like Elliot from Legendary Hosts)
 

drizzy.vip

Supreme
Feedback score
-3
Posts
241
Reactions
109
Resources
0
Pterodactyl is awesome, if you know what you're doing. We're running a pretty high demand setup & have been able to easily modify it to add features. It does take some fine tuning & changes to run at scale, primarily with docker & the docker registry. This wouldn't be an issue for general consumers, due to how infrequently it happens.

Using a platform like Multicraft is useful if you're looking to make money. The reality is that hosts using Multicraft aren't able to provide much value to the market. They are unable to innovate and develop new tools which make their solution better than the next.

If you're looking to innovate, and push things forward in some way, you need a solution you have control over. Companies like NFO, Multiplay Game Servers, Xenon Servers, operated in a time when the game hosting panel market was bare, and had little choice but to make their own panels, and look at them now. NFO & Multiplay also innovated in other ways, notably NFO's DDoS mitigation & Multiplays ground-breaking game panel.

Things like unique & high grade bandwidth, DDoS mitigation & hardware kept a lot of hosts going for a while, but with companies like OVH and more bringing this stuff to the market at such a effective price, it's now just a standard that game servers run on specific high grade hardware, with high end DDoS mitigation & low latency bandwidth.

Ultimately Game Hosting is now a software game. It's no longer about who has the latest hardware, everyone is able to get access to this stuff in the same locations. It's no longer about DDoS protection - mitigation is becoming a global effort & it's down significantly, with almost all hosts providing game specific mitigation which is objectively becoming very impressive.

If you want to do something more than make some money, software is where it's at - and that's what makes Pterodactyl so great. It's an awesome foundation to build from - allowing smaller teams to now do what would have otherwise been impossible. There is little point in re-creating the wheel, and Pterodactyl is entirely capable of being transformed into an at scale beast with more features than hosts using easy solutions like MultiCraft, TCAdmin, etc.

Any host should expect to put some work into a free open source project if they're going to be taking peoples money using it. Your customers depend on the game panel to use what they're paying for, and it's the hosting companies responsibility entirely to maintain and manage that when they're using an open source project fork.

FOSS maintainers don't typically depend on their projects. Even if the Ptero maintainers depended on it, they're not responsible for the service you provide your customers. I would expect any service provider to test any changes and upgrades before they roll them out, and be ready to maintain and take full responsibility of their own companies services.

I understand this, that's why I'm saying if it's in your free time, and you're not willing to bend in the slightest with everything going on in your life, it's simply not our panel to use.

I admit, this stuff does piss me off. You guys took & used Pterodactyl, and got in over your head. Not enough testing took place and/or you were unable to maintain the free software you decided to offer your paying customers.
You should be grateful they provided free software instead of implying you have any right to even expect the FOSS maintainer to "bend" to your will.

As Pebble keep talking about their immense scale I went ahead and counted. We're running more servers than you guys list on your monitoring page with Pterodactyl right now.
It's so reliable & so impressively stable I wrote them a blog post about it. Our customers also constantly talk about how much they love it in our reviews.

They're not running at some unseen scale, that's just the scape-goat to in turn blame Pterodactyl, because they could never have tested the scale you were running at... It's not their job to test that - that's what your customers pay you to do.

As a final note - the people talking about security issues are grossly misleading. The .env security issue would only happen if you're incompetent & don't fully understand what you're doing. It's not on Pterodactyl to also teach you basic sys admin.
Pterodactyl have fixed the true security vulnerabilities rapidly, and ethically handled the disclosure. They were identified because Pterodactyl is open source, and a good actor reported the issues. The .env isn't something they need to fix, that's something you need to learn about, and not expose yourself.

PebbleHost had their .env file exposed for a while, and someone made them aware - these are not the people you want to listen to for security advice, seriously.

It's sad that you guys are throwing Pterodactyl under the bus just to save-face. It's easier to blame the people developing a free open source project in their spare time instead of accepting responsibility for deploying an untested solution, failing to maintain and improve the situation when things started going wrong, in turn disrupting your customers service as a result. Accepting responsibility is hard.
 
Last edited:

drizzy.vip

Supreme
Feedback score
-3
Posts
241
Reactions
109
Resources
0
So yes, to respond to this specific post, it is something that was exposed

Even if nothing was exposed (which I doubt), how can people be expected to trust you now? You guys released no information that I could find to your customers about the issue. I can't find a post mortem - it almost looks like you tried to cover it up by deleting messages in Discord honestly.
 

drizzy.vip

Supreme
Feedback score
-3
Posts
241
Reactions
109
Resources
0
I've asked you to be mature about the decision for us to move off of pterodactyl.

I don't care what panel you guys use, get over yourselves. I just don't like it when you're trying to throw Pterodactyl under the bus, and infer they're responsible for your own security oversights and poor management.
 

Rouing

The only SysAdmin worth his salt
Supreme
Feedback score
41
Posts
245
Reactions
276
Resources
0
What a shit load of drama and misinformation. First question I have is: If you do not know the basics of running a server, WHY ARE YOU HOSTING A PANEL? The .env issue can be easily fixed with proper permissions setups. Off the top of my head, there is about 100 different ways I could've figured to fix the issue. If you are flaunting your permissions around, then you have a whole other issue. Another thing is; it was patched. Multicraft can have the EXACT same issues if permissions and controls are not setup. Honestly, hosting companies should be preforming audits and have access control systems in place anyways. PCI-DSS, Security Certs, etc etc etc etc.

Pterodactyl is a great panel. It is not a single minded panel limited to a specific game and is only limited by your ability to create simple bash scripts and use docker. It is very well designed and documented with a great community at its heart. Being FOSS, it can be audited by anyone at will and this gives it a major bonus. Not only that but its extremely easy to edit and is very receptive to peoples opinions (it being the development lead) unlike its counterpart; Multicraft. Considering that the panel hasn't even reached version 1, I feel people are being very unfair too. It has gone far in a short amount of time.

If you are having issues covering up vulnerabilities that are strictly related to your web server and not the application itself, you need to step down as a "Backwater Minecraft System Administrator". You need to reevaluate your business plan and move away from just being a cash grab and look into the future.

I am working with Legendary Hosts on an entire 100% custom panel and we are dumping the right amount of money and time into setup in an attempt to be 100% compliant with local laws, PCI-DSS, and GPDR along with various other security measures. This has been a works in progress for over a year. If you cant spend the time to do that, you shouldn't be hosting.

This is my opinion, all rights reserved to their respective parties.
 

drizzy.vip

Supreme
Feedback score
-3
Posts
241
Reactions
109
Resources
0
That justified for you to come out and attempt to start a shit show that you never understood in the first place?

No - I did this because I'm interested in calling out bad actors in the hosting sphere. Pterodactyl was simply the catalyst that bought you to my attention. Pebble deserves to be given some shit after the attempt to shift blame & inability to accept responsibility. That's without going into the lack of attention to security & then failure to report a potential security issue which is critical to your clients.

You make it sound like the exploit that happened to your server was small. It wasn't far from exposing all your customers records, along with a lot more information. This isn't a "minor exploit". Whatever makes you feel better - I don't care. Your paying customers deserve better.
 

Rouing

The only SysAdmin worth his salt
Supreme
Feedback score
41
Posts
245
Reactions
276
Resources
0
I would expect you to comment on this, but you have no place to even talk about anything we do. You're a problem within and of itself and I like how you assume that *I* said pterodactyl was a trash panel. I never said this, infact, I still support the project. However, we won't be using this in a production environment and we'll be switching to multicraft and tcadmin. We're a business, and we much rather put forward the money for multicraft then to invest into Pterodactyl. Sorry if you disagree.
I assumed nothing. I spoke in a generic form without directly quoting anyone. Assumptions will be made at your own clause and degree. Do NOT project. It will not work. And of course I am a problem, the internet would be boring without problems like this. But please, throw up your flame shield at all levels and ignore the issue at hand.
 
Status
This thread has been locked.
Top