XenoPanel - Game Managment Control Panel (50% OFF)

Status
This thread has been locked.

XenoPanel

Next Generation Game Control Panel [XenoPanel.com]
Premium
Feedback score
0
Posts
114
Reactions
81
Resources
0
https://xenopanel.com

Price guarantee! We can beat Multicraft, CraftSRV & McMyAdmin Pricing!
(We offer discounts of up to 55% based on the remote machines you have.)

banner.png

XenoPanel is an upcoming game server control panel designed for games such as minecraft, source games, MCPE and more. It can be used by both small-scale servers and large community networks while also giving hosting companies the ability to use XenoPanel as a managing system to monitor and control clients' servers while the clients are free to have full access to the servers they purchase or are given. Are we missing a feature? tell us! We run based on feedback.

XenoPanel is based on PHP and uses screens on remote machines to run the game types. It currently works on CentOS 7 but is also in the process of being tested on Ubuntu and Debian. When searching for a control panel most people look for a panel that's easy to install, uses little resources and offers all the features they need. However, a lot of the currently available control panels use daemons to run, take far too long to install and most the time are missing important features that can save you countless hours trying to get things done such as installing modpacks, versions or plugins. XenoPanel is a center point panel with no files stored on remote machines other than a license key and standard server files while using screens to run the server, meaning all the hard work is done by XenoPanel keeping heavy resource usage on the panel only.

Want to try our demo? http://xenopanel.com?ref=McMarket

Our Discord: https://discord.gg/EgUB2Uk


https://xenopanel.com

 
Type
Offering
Last edited:
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

XenoPanel

Next Generation Game Control Panel [XenoPanel.com]
Premium
Feedback score
0
Posts
114
Reactions
81
Resources
0
We released v1.0.4.6 with a full revamp of console and controls bringing built in debug and instant support, details about what you are installing and heck tons more! View our full changelog @ https://xenopanel.com/news and try it for yourself at https://xenopanel.com/panel/demo

Here is a little peak at the new console.

5sWidxPC.png
 

XenoPanel

Next Generation Game Control Panel [XenoPanel.com]
Premium
Feedback score
0
Posts
114
Reactions
81
Resources
0

XenoPanel

Next Generation Game Control Panel [XenoPanel.com]
Premium
Feedback score
0
Posts
114
Reactions
81
Resources
0
v1.0.5 is now live on XenoPanel! Details about this HUGE update can be found @ http://xenopanel.com/news

We also have a 50% off sale going using coupon code "SANTA".

From everyone at XenoPanel, have a Merry Christmas!
 

InsertNameHere

OGwebsite.com
Premium
Feedback score
8
Posts
579
Reactions
248
Resources
0
defiantly going to be using this soon!
 

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
A lot of potential but far far far from useable for the public.

When I initially joined Anvilnode and started using XenoPanel, it looked nice. A bit more modern themed compared to Multicraft but other than that, I don't have much positive to say. Literally the only thing positive is the colors and the layout.

- The UI has many flaws and non-logical placement of certain links and buttons.
- The console is extremely buggy and laggy. It has a delay due to it grabbing output from the latest.log instead of the Java instance directly.
- The buttons and console of the panel are not good at all. The whole panel becomes unresponsive for specific servers at some point. When that's the case, we were forced to log in to our server through SSH and force reboot the server to maybe get it fixed.
- The file manager isn't working in a lot of cases. For a handful of clients the filesize of a file is 0kb after uploading through the web file manager.
- The node page was extremely buggy in a lot of cases and simply unusable.
- In a lot of cases, a server would not shutdown after being suspended or terminated.
- Can't login to sub users from client list
- Failed to bind port issues happening to a lot of people
- Can't kill servers with dedicated IPs
- FTP details aren't correct for sub users
- And so on......

I can go on and on. These are the bugs that would have been okay in an Alpha release. But not a release that's meant for production and hosting companies. On daily basis we would be getting a handful of tickets where people would report issues and bugs with XenoPanel. Additional tickets is not really what we needed when we have a 600 client hosting company to maintain.

The first time, I forwarded an issue with a client to Liam, the main developer. He didn't really help me much so that was a lost case. I wasn't the only one, Tom from Anvilnode was also reporting bugs in the past without much success.

After a few bugs, we've decided to stop accepting new orders for XenoPanel and just made all new clients Multicraft again.

However, that's not the end. Today we made a horrendous discovery that there's an exploit with XenoPanel which allowed logins to the Admin panel only knowing the admin username. Luckily, we were able to act quickly and shut down our webserver to prevent damage from unauthorized access. As I'm writing this, we're in the process of moving all our XenoPanel clients over to the more stable and safe Multicraft.

Another thing I'm really noticing is a lack of proper management. Liam hasn't been the most friendly support person I've ever talked to. Besides that, I see them implementing new features every update... Why? Bugs are much more important than feature requests. Get the base of the panel working properly first before adding features which people can live without just fine.

I suggest everyone stays away from XenoPanel for a few months until they release a somewhat more useable version. They lost my trust for sure!
 

XenoPanel

Next Generation Game Control Panel [XenoPanel.com]
Premium
Feedback score
0
Posts
114
Reactions
81
Resources
0

Hello,

I'm going to do my best to middle man style this however I'm going to give details of what I've been told and shown.

The most important thing to note would be the version you guys are using. XenoPanel is currently 1.0.5.1, 1.0.5.2 in a few days and with that being said we redid a lot of our core code in the 1.0.5 update that was recommended to be updated onto at every chance possible with Hugh as you guys are around 3+ versions behind and sadly yes, an exploit was found a few hours before you yourself found out and as explained by Liam in Discord, he was just at the end of confirming what versions were affected and it was shown the lower versions had this possible exploit, but it didn't effect account passwords, Just the knowledge of the username was used. Now saying that, I'm not saying the exploit is not a problem, we take security as priority and when the possible exploit we did everything possible to test and keep contained however the person who REPORTED the exploit, told his boss and then proceeded to test on two other hosts, this has been since contained and to our knowledge the exploit has not been released and we have been working to get everyone updated to the latest confirmed safe version.

Moving alone, Bugs, issues etc you are having aside from the File Manager 50/50 issues that we are already 75% done with the revamp on this, as you are around 3 versions behind a lot of the issues you guys had were fixed in the 1.0.5 update as part of our huge changes and we spent our time on the update to add some features that helped the experience but as you could see from our change log, we fixed a LOT of the known bugs, any bug someone reports is always noted and we look into each one.

Nothing is perfect and we are always working hard to make the experience of XenoPanel better no matter if it's bugs, support or features. We are still quite new and Liam was beyond "pissed" when he was alerted about the possible exploit on the older versions as he is very OCD when it comes to security but it is indeed patched on the latest versions when we redid the login system to work better so this exploit was never found until the day everyone found out.. Liam found out just 2-3 hours before announcement were made and emails sent out to each client.

We've got a long year ahead of us in terms of updates and we are dedicated to ensure the panel gets a much cleaner and better experience however like everything, it has ups and downs... Prime example would be WHMCS and the issues they had in the past, everyone still uses them and even a lot of other panels have had a rocky step in the rock. We learn, we correct, and we move forward to better what we have done.

I'm sorry about the experience you have and I wish you the best of luck in the "takeover" of AnvilNode.

Kind Regards,
George
 

Fishfish0001

Feedback score
4
Posts
41
Reactions
106
Resources
0
However, that's not the end. Today we made a horrendous discovery that there's an exploit with XenoPanel which allowed logins to the Admin panel only knowing the admin username. Luckily, we were able to act quickly and shut down our webserver to prevent damage from unauthorized access. As I'm writing this, we're in the process of moving all our XenoPanel clients over to the more stable and safe Multicraft.

I'm surprised no one has mentioned the fact that their v1.0.5 release included a fix to start encrypting passwords for FTP accounts and nodes. So every version prior to this was just storing passwords to nodes and FTP accounts in plaintext in the database. And now, theres a login exploit where you don't need an account password to login, and on top of that their Discord chat is suddenly locked down and no one is allowed to speak in any channels other than the pre-sales channel.

Nothing is perfect and we are always working hard to make the experience of XenoPanel better no matter if it's bugs, support or features. We are still quite new and Liam was beyond "pissed" when he was alerted about the possible exploit on the older versions as he is very OCD when it comes to security but it is indeed patched on the latest versions when we redid the login system to work better so this exploit was never found until the day everyone found out.. Liam found out just 2-3 hours before announcement were made and emails sent out to each client.

Calling a commercial panel production ready without performing a basic security audit? I mean, exploits are somewhat expected in this day and age, but an exploit of this magnitude is something else, and appalling. Especially when combined with the fact that passwords were not being encrypted previously. One would think if you took security that seriously you wouldn't ship a product until such a fundamental issue was sorted.
 

XenoPanel

Next Generation Game Control Panel [XenoPanel.com]
Premium
Feedback score
0
Posts
114
Reactions
81
Resources
0
I'm surprised no one has mentioned the fact that their v1.0.5 release included a fix to start encrypting passwords for FTP accounts and nodes. So every version prior to this was just storing passwords to nodes and FTP accounts in plaintext in the database. And now, theres a login exploit where you don't need an account password to login, and on top of that their Discord chat is suddenly locked down and no one is allowed to speak in any channels other than the pre-sales channel.



Calling a commercial panel production ready without performing a basic security audit? I mean, exploits are somewhat expected in this day and age, but an exploit of this magnitude is something else, and appalling. Especially when combined with the fact that passwords were not being encrypted previously. One would think if you took security that seriously you wouldn't ship a product until such a fundamental issue was sorted.
Unsure why you decided to pop by but no offence, you honestly cannot talk about security can you? Just a little bit ago you had an issue where you didn't notice people could close a popup for 2fa and bypass it right?
Like you said, exploits are somewhat expected in these years but I find it a little rude and contradicting you jumping on here :)
 

Fishfish0001

Feedback score
4
Posts
41
Reactions
106
Resources
0
Unsure why you decided to pop by but no offence, you honestly cannot talk about security can you? Just a little bit ago you had an issue where you didn't notice people could close a popup for 2fa and bypass it right?
Like you said, exploits are somewhat expected in these years but I find it a little rude and contradicting you jumping on here :)

Sure, but that didn't let people login to an account without a password. Additionally, it was addressed and made publicly available rather than shutting down the entire chat :) I also wasn't storing passwords in plain text.

I'm also not pushing a paid product in production mode. I also don't see how holding a company to basic security standards is rude.
 
Last edited:

XenoPanel

Next Generation Game Control Panel [XenoPanel.com]
Premium
Feedback score
0
Posts
114
Reactions
81
Resources
0
Sure, but that didn't let people login to an account without a password. Additionally, it was addressed and made publicly available rather than shutting down the entire chat :) I also wasn't storing passwords in plain text.

I'm also not pushing a paid product in production mode.
The exploit is on versions lower than 1.0.5, the update to add FTP and Node password Encryption was indeed in 1.0.5 but even if someone logged in using the exploit on the versions without the encryption then they still wouldn't be able to see these passwords as that's the Database, they don't see any of that. You are always saying it like we have 0 encryption, We had and had encryption on logins etc but previously couldn't encrypt node passwords etc because this would cause the nodes not to connect and we did our huge overhaul in 1.0.5.

My point being, You fellas have had a lot of security issues, this is indeed our first one, No matter the scale only one person has currently used this Exploit and it's a support rep of the company who found this exploit on the lower version, we have since taken action and alerted everyone just like you would, the chat shutdown to ensure people saw the "Read the announcement" message.
 

schrej

Feedback score
0
Posts
3
Reactions
13
Resources
0
Just a little bit ago you had an issue where you didn't notice people could close a popup for 2fa and bypass it right?
You fellas have had a lot of security issues

As you already pointed out the only released security issue Pterodactyl had until now, as far as I'm aware of. I don't have to do that again. Also, that issue, while being quite critical, did only lower the security of the login process, and not allow you to skip it completely.

Does your Panel really have no advantage compared to Pterodactyl and you have to accuse it of having "a lot of security issues" and point out that this was your first and only one? Just to make you look better?
I would also call storing ssh & ftp passwords unencrypted a rather critical security flaw and with that, I somehow don't believe that OCD stuff as someone with a sane mind regarding security would not even think about storing that kind of stuff unencrypted. It's just dumb. I personally would try avoid having to store such passwords at all and rather connect using additional software with special access keys that do not compromise the whole system when they get lost.

Unsure why you decided to pop by but no offence, you honestly cannot talk about security can you?
Everybody can talk about security. Wether you made mistakes in the past or not. Also it is rather important how you handle your security issues. Making them public and explaining everything and leaving a place for people to get help is the right way imho. And i'm sure you could just have an announcements channel for that kind of important information and don't have to close all discord chats for everyone to see that.
 
Last edited:

XenoPanel

Next Generation Game Control Panel [XenoPanel.com]
Premium
Feedback score
0
Posts
114
Reactions
81
Resources
0
As you already pointed out the only released security issue Pterodactyl had until now, as far as I'm aware of. I don't have to do that again. Also, that issue, while being quite critical, did only lower the security of the login process, and not allow you to skip it completely.

Does your Panel really have no advantage compared to Pterodactyl and you have to accuse it of having "a lot of security issues" and point out that this was your first and only one? Just to make you look better?
I would also call storing ssh & ftp passwords unencrypted a rather critical security flaw and with that, I somehow don't believe that OCD stuff as someone with a sane mind regarding security would not even think about storing that kind of stuff unencrypted. It's just dumb. I personally would try avoid having to store such passwords at all and rather connect using additional software with special access keys that do not compromise the whole system when they get lost.
As spoken about above, this issue with unencrypted ftp passwords was changed a few versions ago and in the large 1.0.5 update we did, anything possible is now encrypted and has been since that update.
 

schrej

Feedback score
0
Posts
3
Reactions
13
Resources
0
As spoken about above, this issue with unencrypted ftp passwords was changed a few versions ago and in the large 1.0.5 update we did, anything possible is now encrypted and has been since that update.
I just wanted to point out that you, in fact, had two security issues already. Not only one.
 

XenoPanel

Next Generation Game Control Panel [XenoPanel.com]
Premium
Feedback score
0
Posts
114
Reactions
81
Resources
0
Is it possible to make the panel a bit more responsive with smaller screen sizes?
We are working on this for the next update :) It's been something we have slowly been working on but the plan currently would be the next update released some changes to file manager, source games, responsiveness and a few other tweaks :) Stay Tuned!
 

Cryptoxic

Configurator & Setup Specialist
Supreme
Feedback score
13
Posts
307
Reactions
95
Resources
0
The Demo does not currently work. I'd like to check out your panel but not till i see either a demo or try it out. The reviews im seeing are a little good and bad, is there anyway i can try it for myself?
 

58445

Deactivated
Feedback score
-1
Posts
51
Reactions
38
Resources
0
The Demo does not currently work. I'd like to check out your panel but not till i see either a demo or try it out. The reviews im seeing are a little good and bad, is there anyway i can try it for myself?

I would suggest not using this panel, it is buggy, it has many security issues and it is not worth the money, I spend 10 euro's on it and I just got ripped of. No refund, no help nothing. I'm gonna try to get my money back through paypal though (Wish me luck...)
 
Status
This thread has been locked.
Top