# Nexim Web Hosting Email Spam - GVH Client Database



## DomainBop (Feb 27, 2015)

drmike said:


> Ahhhhhhhh I feel like I missed something @DomainBop.   Who spammed who with what?


Today's drama starts with linuxthefish asking on the LET GVH/XFuse thread: _"Did anyone else get an email from Nexim web hosting to the email account they used on GVH SolusVM?"_


----------



## drmike (Feb 27, 2015)

DomainBop said:


> Today's drama starts with linuxthefish asking on the LET GVH/XFuse thread: _"Did anyone else get an email from Nexim web hosting to the email account they used on GVH SolusVM?"_


Yeah I now know what happened and haven't said the F*CK word so many times in 5 minutes in a long time.

Someone who use to be involved in GVH and owns said company deserves some time in a pair of handcuffs and some legalized sodomy to break his ass into the real world.


----------



## Kris (Feb 27, 2015)

DomainBop said:


> Today's drama starts with linuxthefish asking on the LET GVH/XFuse thread: _"Did anyone else get an email from Nexim web hosting to the email account they used on GVH SolusVM?"_


That little shit in Colorado, I'll go back there and find him myself. Received this shit this morning to an email address only ever used at GVH.


----------



## HalfEatenPie (Feb 27, 2015)

Howdy folks!

Just posting here to let you know I've moved these posts into their own thread from here:


----------



## MannDude (Feb 27, 2015)

This just gets more and more funny.

How'd that kid get those email address to begin with? Are you saying random ex-GVH employees have copies of DBs or what?


----------



## Kris (Feb 27, 2015)

MannDude said:


> This just gets more and more funny.
> 
> How'd that kid get those email address to begin with? Are you saying random ex-GVH employees have copies of DBs or what?


Yes. Ex employee dropepd the DB and imported the emails into MailChimp. He's in for a world of hurt.


----------



## DomainBop (Feb 27, 2015)

I posted this on the other thread but will repeat it here for anyone who doesn't know Nexim owner Kaushal Subedi's relationship to GVH .  He was a contractor for GVH last year who held various titles (and used various names) while working for GVH:  _"Vice President of Operations", "Chief Technology Officer", "Steve Wilson"_ .  He was the main GVH tech guy for awhile last year, including during the security incidents in April (mass password reset triggered by poor security) and June (database breach, hacking again caused by piss poor security) , and had full access to all databases and customer data during the time he worked for GVH.


----------



## drmike (Feb 27, 2015)

DomainBop said:


> I posted this on the other thread but will repeat it here for anyone who doesn't know Nexim owner Kaushal Subedi's relationship to GVH .  He was a contractor for GVH last year who held various titles (and used various names) while working for GVH:  _"Vice President of Operations", "Chief Technology Officer", "Steve Wilson"_ .  He was the main GVH tech guy for awhile last year, including during the security incidents in April (mass password reset triggered by poor security) and June (database breach, hacking again caused by piss poor security) , and had full access to all databases and customer data during the time he worked for GVH.


Yeah that sounds very proximate, about right.  

Believe me, if this was me doing this GVH deal, Nexim would be cutting a check right now or turning their business over.

Unsure why Kaushal would do something so stupid at this point where massive attention on GVH.   By doing such, he's going on spam lists, soiling his brand for a long time, and ruining any positive reputation he had.

This indeed was why I was F-bombing a bit ago.  Thanks to @DomainBop for bringing this forward on here.  I don't actively keep up with LET these days.  In fact today I was supposed to tune out of vpsB also to address piles of work.


----------



## MannDude (Feb 27, 2015)

How old is he anyway? I called him a 'kiddy host' on Twitter ( https://twitter.com/vpsBoard/status/571392118700298241 ) because it seems that all of those who worked with GVH in the past were teenagers minus a select couple... Certainly a kiddy/skiddy move on his part regardless of age. But the lack of concern and forethought in how this would pan out is indicative of the actions and mindset of a teen.


----------



## HalfEatenPie (Feb 27, 2015)

And...

This shows the quality of individuals who were involved with GVH.  While being hired as a contractor to GVH he also takes the database and uses it for his own "project".  

In addition, this reflects poorly on Johnnyboy because he obviously doesn't know how to select and find quality individuals to hold and manage his customers' private data.  Seriously, this is incredibly alarming.  I don't know how many individuals were involved with GVH but if a single person were able to run off with the WHMCS database then this is a major issue.  

You all see how shoddy this entire deployment was.  Handing out WHMCS Admin access willy nilly.  Unethical employees who don't care about the customer or even the business itself and instead only care about themselves.  Business "owner" and//or managers who failed to actually do their job and manage their employees to minimize vulnerabilities, whether software, hardware, or social.  

Like I said, I would never touch GVH with a 20 foot pole.  Another big worry is if the only remaining support tech will do the same thing as his colleague.  The caliber of people GVH Jon hired are absolutely unethical and terrible.  I think the phrase goes "If it looks like shit, smells like shit, and feels like shit, you don't have to actually eat it to know it's shit."  I don't know why anyone would be a client of GVH.


----------



## northhosts (Feb 27, 2015)

I can't believe the downright stupidity of giving so many people that amount of access to whmcs.


----------



## drmike (Feb 27, 2015)

MannDude said:


> How old is he anyway? I called him a 'kiddy host' on Twitter ( https://twitter.com/vpsBoard/status/571392118700298241 ) because it seems that all of those who worked with GVH in the past were teenagers minus a select couple... Certainly a kiddy/skiddy move on his part regardless of age. But the lack of concern and forethought in how this would pan out is indicative of the actions and mindset of a teen.


Late teens to early 20's.  I believe he's an active college student.



MannDude said:


> How old is he anyway? I called him a 'kiddy host' on Twitter ( https://twitter.com/vpsBoard/status/571392118700298241 ) because it seems that all of those who worked with GVH in the past were teenagers minus a select couple... Certainly a kiddy/skiddy move on his part regardless of age.


Hey RobertClarke lol'ed at the post shortlink   = http://vpsb.in/skidspam


----------



## Lee (Feb 27, 2015)

drmike said:


> Someone who use to be involved in GVH and owns said company deserves some time in a pair of handcuffs and some legalized sodomy to break his ass into the real world.


An often very over used "get out" card.  I stole your database and mailed all your clients because you never made me sign an NDA.

http://lowendtalk.com/discussion/comment/549816/#Comment_549816


----------



## Francisco (Feb 27, 2015)

~Lee~ said:


> An often very over used "get out" card.  I stole your database and mailed all your clients because you never made me sign an NDA.
> 
> http://lowendtalk.com/discussion/comment/549816/#Comment_549816


So he's more or less admitting to yoinking the DB?

I mean, there's obviously people in there with a [email protected]<THEIRDOMAIN.TLD> kinda email so it's pretty obvious where they got the list.

Still, how did the guy still have enough access to get in there to pull a dump?

Francisco


----------



## mikho (Feb 27, 2015)

Francisco said:


> So he's more or less admitting to yoinking the DB?
> 
> 
> I mean, there's obviously people in there with a [email protected]<THEIRDOMAIN.TLD> kinda email so it's pretty obvious where they got the list.
> ...


In that post he is not talking about GVH database, he "helped"/worked for another company during his time at GVH.


Other business owners username at LET: @sunn.


----------



## Francisco (Feb 27, 2015)

mikho said:


> In that post he is not talking about GVH database, he "helped"/worked for another company during his time at GVH.
> 
> Other business owners username at LET: @sunn.


What a fustercluck.

Francisco


----------



## Lee (Feb 27, 2015)

His story is now



> Guys, after some investigation here is what I found. I had supplied the seo company with a list of emails that i had extracted from databses backups on my computer for nexim. Looks like it included the solusvm databse from gvh when i was working with them. I take responsiblilities for everything that happened and I should have been more careful about filtering which backups to scrape emails from.
> 
> So yes, I did make a mistake and learnt from it, and I apologize to everyone who got the emails. I did not mean to do any harm or cause any trouble, and I should have been more careful.


----------



## drmike (Feb 27, 2015)

~Lee~ said:


> An often very over used "get out" card.  I stole your database and mailed all your clients because you never made me sign an NDA.
> 
> http://lowendtalk.com/discussion/comment/549816/#Comment_549816


paste or screencap please... Behind the great login firewall of LET


----------



## drmike (Feb 27, 2015)

~Lee~ said:


> His story is now


.... is bullshit.


----------



## DomainBop (Feb 27, 2015)

KSubedi on LET...




> Guys, after some investigation here is what I found. I had supplied the seo company with a list of emails that i had extracted from databses backups on my computer for nexim. Looks like it included the solusvm databse from gvh when i was working with them. I take responsiblilities for everything that happened and I should have been more careful about filtering which backups to scrape emails from.
> 
> So yes, I did make a mistake and learnt from it, and I apologize to everyone who got the emails. I did not mean to do any harm or cause any trouble, and I should have been more careful.



At most real companies, including mine, if an ex-employee made an admission that they're in possession of their former employers database that they'd have the FBI knocking on their door.



> I don't know how many individuals were involved with GVH but if a single person were able to run off with the WHMCS database then this is a major issue.


I've always just assumed that there wasn't a single person who worked for GVH who didn't run off with a copy of their database 



> the actions and mindset of a teen.


The lack of concern for privacy and protecting customer data does seem to be fairly common among younger prepubescent hosts like Jonny (and the lack of concern for the "sanctity" of data is an attitude shared by many of their customers).  Maybe its because many of them use their computers and servers primarily for entertainment and don't understand that yes, Virginia, people and companies really do keep important data that their lives and business depend on stored on their VPS's and dedicated servers and Cloud thingees: customer data, company and employee data and  records, etc.

*edit:*



> mikho said _"Other business owners username at LET: @sunn."_


@MannDude, could we ban @mikho for calling that clown Sunn a "business owner"?  Calling Sunn a business owner tarnishes the image of all business owners.


----------



## Lee (Feb 27, 2015)

DomainBop said:


> could we ban @mikho for calling that clown Sunn a "business owner"?  Calling Sunn a business owner tarnishes the image of all business owners.


You ban my bitch and there will be repercussions.


----------



## Francisco (Feb 27, 2015)

Yeah i'm not sure why they'd be given ACL access within solus to even be able to *dump* the database. While it is clunky and excessive, Solus does have an ACL system in place. You can control pretty much every single thing.

So why did anyone besides Lance & Jonny have access to this? I could see Eric as well but he seems to be MIA now.

Francisco


----------



## drmike (Feb 27, 2015)

Francisco said:


> Yeah i'm not sure why they'd be given ACL access within solus to even be able to *dump* the database. While it is clunky and excessive, Solus does have an ACL system in place. You can control pretty much every single thing.
> 
> 
> So why did anyone besides Lance & Jonny have access to this? I could see Eric as well but he seems to be MIA now.


Probably cause Jonny depended on other folks to run his shop.  Also probably failed to have common sense auditing, process of revoking credentials, etc.   This garbage happens in shops, common, sadly.

Lance, who is Lance?  Eric, who is Eric?


----------



## Kris (Feb 27, 2015)

*I doubt it was Solus, but a WHMCS dump with the emails extracted. *

Lance never really had anything to do with things but the papers.

Jon started GVH himself, I remember his tickets back at HVH. No Lance anywhere, never ticketed in. 

Only when GVH started making the insane deals and was probably groomed by CC did they get one of his friends to be the official 'CEO' and owner, while Jon still ran everything. Hence why I think it's a CC-pass through.

I'm sure Lance hasn't had much of anything to do with GVH until it's time to sign papers / talk with Duke.


----------



## drmike (Feb 27, 2015)

Kris said:


> *I doubt it was Solus, but a WHMCS dump with the emails extracted. *
> 
> Lance never really had anything to do with things but the papers.


Unsure what Kaus used, but he clearly violated multiple laws.   Have to be running a pretty shitty failco to go trying to attract GVH VPS customers (assuming that he grabbed Solus dbase).

Lance, teehee  that poor guy.  Look at what shows up front side in Google:

https://www.google.com/search?q=lance+jessurun

Poor guys name match in Google images up top is basically this:







I mean, that's going to do wonders with future professional employment and interviews.  How do you explain all that stuff on the interwebs to normal folks?   H8rs right ....  Probably best to claim identity theft.

Eric sure disappeared at the right time.  That guy was the second coming of and now is the invisible man.  I think a UFO abducted him.


----------



## Lee (Feb 27, 2015)

drmike said:


> Unsure what Kaus used, but he clearly violated multiple laws.   Have to be running a pretty shitty failco to go trying to attract GVH VPS customers (assuming that he grabbed Solus dbase).
> 
> Lance, teehee  that poor guy.  Look at what shows up front side in Google:
> 
> ...


Poor guy?  Nah don't think so. His Linkedin page says

President and CEO

GreenValueHost

If he is happy to parade himself as the president and CEO then he should have acted like one.


----------



## drmike (Feb 27, 2015)

I am wondering if the LET crowd is going to torch, bomb, legally spank Nexim? 

I saw people talking like such.


----------



## aggressivenetworks (Feb 27, 2015)

@drmike I already alerted the D.A. Office in Boulder County, CO to make them aware of this fiasco. But I have to follow up the Colorado State Attorneys Consumer Fraud division to see what any kind of legal action can be taken against this "Cluster Fuck" of a company.  He practically stole the customers information, but Identity theft laws will not cover this from what I have seen in some law books.


----------



## Francisco (Feb 28, 2015)

Jonny's in a real pickle if @aggressivenetworks or anyone else pressures their SA's.

Jonny has to decide who's ass to save - Nexim's or his own. If he saved Nexim's, it's going to get out that 'Jonny authorized Nexim to use their client database *even though he hasnt worked for them since December*' or he covers himself (the smart move), is honest, & scumbag Nexim gets nailed to the cross.

I'm sorry but are you seriously telling me that the kid wrote a mass file search that parsed for email addresses and that's how the GVH database got mixed into it? There's a league of legends meme going around right now called BIG SORRY, and that's what I see this brat saying.

If you want to put in the first nail, run this to WHT and you're going to see one, or both, of them swimming in ban territory i'm sure. The only company i've seen get away with stealing someones client list and emailing it was BlackLotus and they still got a 6+ page hate thread over it. You put anything related to GVH up there and the nodes might catch fire.

Francisco


----------



## DomainBop (Feb 28, 2015)

Francisco said:


> The only company i've seen get away with stealing someones client list and emailing it was BlackLotus and they still got a 6+ page hate thread over it.


When Burst took VolumeDrive's DB and emailed its customers only a handful of people on WHT called them out for it..the rest of the idiots were too busy lapping up the bullshit Shawn was spewing.

When Shawn was forced out of Burst after its creditors took over he took the Burst customer email lists with him which were not his to take and emailed everyone on the list when he started his next hosting company...and once again most people on WHT gave him a pass.



> Jonny has to decide who's ass to save - Nexim's or his own. If he saved Nexim's, it's going to get out that 'Jonny authorized Nexim to use their client database *even though he hasnt worked for them since December*' or he covers himself (the smart move), is honest, & scumbag Nexim gets nailed to the cross.


Jonny could cover himself on WHT but he can't cover (protect) himself (GVH) where it counts: in the court room.  Even if Nexim got nailed to the cross, a customer whose info was breached could still sue GVH for negligence over the breach (alleging GVH's failure to properly screen employers/contractors and its poor corporate security policies directly contributed to the breach).

edited to add: do I think either Nexim or GVH will be looking at a lawsuit? No, because the typical "low end" customer isn't going to sue (as witnessed by CVPS's multiple breaches)


----------



## Aldryic C'boas (Feb 28, 2015)

...what makes you think this was even a breach?  This _IS_ dipshit Jonny we're talking about.  Were I to cast a wager, I would put it on that Nexim never 'stole' the list to begin with, but rather went up to Jonny and said _"Give you 100$ for that list of emails."_ - and Jonny, always desparate, jumped right on that to finance his creeper habits.


----------



## lbft (Feb 28, 2015)

drmike said:


> Someone who use to be involved in GVH and owns said company deserves some time in a pair of handcuffs and some legalized sodomy to break his ass into the real world.


Was it really necessary to bring the old prison rape line into this discussion? In my opinion it only detracts from your (otherwise correct) argument that this data breach and misuse deserves punishment.


----------



## lbft (Feb 28, 2015)

Francisco said:


> So why did anyone besides Lance & Jonny have access to this? I could see Eric as well but he seems to be MIA now.


Same reason as any other GVH-related dumbness: because they probably never thought about the consequences.


----------



## drmike (Feb 28, 2015)

lbft said:


> Was it really necessary to bring the old prison rape line into this discussion? In my opinion it only detracts from your (otherwise correct) argument that this data breach and misuse deserves punishment.


It was an intentional word play @lbft

"Someone who use to be involved in GVH and owns said company deserves some time in a pair of handcuffs and some legalized sodomy to break his ass into the real world."

[SIZE=13.63636302948px]Literally, a play on the common adage of being f'd by the system; to indicate legal action which smashes one completely. [/SIZE]

I'd never advocate such a form of assault like the inferred misread.   But I would encourage folks like him with repetitive disregards for customers, their data, etc. be collared and roughed up.  Years ago, someone would have literally kicked his ass for this stuff and that probably would have stopped on the insanity.

Of course it's fine to violate customers rights and abuse them freely though.  Literally f'ing them after arguably robbing them, considering just how many GVH customers have signed up, tried the services and left dissatisfied.

I have no sympathy.  If I my data was in his database, I'd smash the kid and his imaginary friend / CEO Casper Jessurun.  Again F-them, customers have rights and lieu of them, they can catch a left and a right fist.  

Can't leave Kaushal and Nexim Web Hosting out of it either.  They were the ones who did the big dirty reappropriation of the GVH data.   Again, a friendly game called Punchout would be suitable, one round.



lbft said:


> Same reason as any other GVH-related dumbness: because they probably never thought about the consequences.


Like I always moan about, time to hold companies accountable.   Not accountable, then I guess it's time we drive them out of business.



DomainBop said:


> When Burst took VolumeDrive's DB and emailed its customers only a handful of people on WHT called them out for it..the rest of the idiots were too busy lapping up the bullshit Shawn was spewing.
> 
> When Shawn was forced out of Burst after its creditors took over he took the Burst customer email lists with him which were not his to take and emailed everyone on the list when he started his next hosting company...and once again most people on WHT gave him a pass.


Burst's insanity.   

The VolumeDrive database got over on folks since it was vD doing a runner, not communicating, etc.  That situation in hindsight was multiple levels of retarded on both sides.   Both companies should have been set on fire.

The post Burst new Arcus company and spamming, we jumped on Shawn about that and he showed up here to discuss.   Haven't heard much from him, but, ideally his karma account and bank account are balanced in being deficient - as it relates to re-roping prior customers via SPAM.


----------



## Chatahooch (Feb 28, 2015)

Ouch.


----------



## drmike (Feb 28, 2015)

Chatahooch said:


> Ouch.



I was just chuckling thinking about folks like being discussed here.   Just imagine if they ran retail businesses like this.   Imagine being busted for selling off or giving customer details to the business down the road.   Imagine these guys dealing with people in real life, at the register, at the return desk.  

That would be something I'd pay to watch, as it would either be entirely hilarious or it would be these folks tripping on themselves to beg forgiveness.


----------



## MattKC (Mar 1, 2015)

drmike said:


> The post Burst new Arcus company and spamming, we jumped on Shawn about that and he showed up here to discuss.   Haven't heard much from him, but, ideally his karma account and bank account are balanced in being deficient - as it relates to re-roping prior customers via SPAM.


I'm actually surprised we have not heard any more from Arcus since then. I still don't buy the exit happened as he claims, there were too many oddities with the story and people involved.


----------



## Jasson.Pass (Mar 2, 2015)

Seems like a lot of companies do this now and always get away with it so the process repeats.


----------



## drmike (Mar 2, 2015)

Jasson.Pass said:


> Seems like a lot of companies do this now and always get away with it so the process repeats.



I think this is because people don't hold these companies accountable.   Easy to say, 'going to sue'.  Hardly anyone takes the action though.

Big piece is people don't know their rights and what remedies are available to them (me included).

Whole emphasis on privacy is about to swell up all over.  Because of stuff like this and mass data collection and the misfits using all of it for less than good purposes.


----------



## DomainBop (Mar 2, 2015)

Jasson.Pass said:


> Seems like a lot of companies do this now and always get away with it so the process repeats.


<puts on WHT voice> Have you checked the offers section?

Many people only check the offers section on forums, and so  sleazy providers are able to get away with xx and yy and zz because...

_*Posting Rules*_


Anyone found to be intentionally "trashing" or "trolling" in another user's advertisement thread will be suspended. Negative comments on advertisements are not allowed. For example, if you think the price is too high or the design isn’t good, leave the ad for other people to form their own opinions. If you think the offer is fraudulent, please contact the helpdesk.

...and many potential customers never venture into the other parts of the forum...until there is a problem.

TL;DR Nexim posted a bunch of offers on WHT last night and the odds are very few of the people signing up will have bothered to do their research and they won't be aware of Nexim's "accidental" use of the GVH customer database...so, he "gets away with it".


----------



## MannDude (Mar 2, 2015)

Looks like this was never mentioned on WHT in general, and was isolated to vpsB and LET only. =/


----------



## aggressivenetworks (Mar 2, 2015)

I already started a post with a general low down of their shady ass practices on wht vps section.


----------

