I am kind of surprised that there has been no comment in this thread from @stromonic so I am going to ramble a little.
Looking at No. 20(3)/2022-CERT-In I see this in regards to Stromonic's responsibilities .
v) Data Centres, Virtual Private Server (VPS) providers, Cloud Service
providers and Virtual Private Network Service (VPN Service) providers,
shall be required to register the following accurate information
which must be maintained by them for a period of 5 years or longer
duration as mandated by the law after any cancellation or withdrawal of
the registration as the case may be:
a. Validated names of subscribers/customers hiring the services
b. Period of hire including dates
c. IPs allotted to / being used by the members
d. Email address and IP address and time stamp used at the time of
registration / on-boarding
e. Purpose for hiring services
f. Validated address and contact numbers
g. Ownership pattern of the subscribers / customers hiring services
I think that @stromonic may be seeing "Validated" and assuming "KYC" rules, but I expect this is not what is meant in the above rule because in the next paragraph KYC rules are clearly stated ...
(vi) The virtual asset service providers, virtual asset exchange providers and
custodian wallet providers (as defined by Ministry of Finance from time to
time) shall mandatorily maintain all information obtained as part of Know
Your Customer (KYC) and records of financial transactions for a period of
five years so as to ensure cyber security in the area of payments and
financial markets for citizens while protecting their data, fundamental
rights and economic freedom in view of the growth of virtual assets.
For the purpose of KYC, the Reserve Bank of India (RBI) Directions 2016
/ Securities and Exchange Board of India (SEBI) circular dated April 24,
2020 / Department of Telecom (DoT) notice September 21, 2021 mandated
procedures as amended from time to time may be referred to as per
Annexure III.
The rule does state what is required under KYC (paragraph vi), but does not provide a definition of "Validated" as stated in paragraph v.
I expect that "Validated" in the first paragraph could be considered matching the PayPal/Credit Card/ Bank Info name and address info with client info on record. Or other reasonable methods so the provider would not be considered negligent in attempting to "Validate" customer information. By enforcing KYC rules for paragraph v I expect Stromonic is just trying to make sure they cover their ass. Unfortunately locking people out of being able to manage or cancel their services without any notice, and without options for clients that do not want to comply with this new Stromonic policy leaves me thinking this may have been done for more insidious reasons. Without any comment in this thread from Stromonic we can only guess as to the real reasons behind this action.
EDIT: After not receiving any response to my DM for 20 hours. I decided to send them a ticket to see if they had any answers on how clients who did not wish to comply with their new requirement could end their relationship with @stromonic amicably . Submitting a ticket in the billing panel can still be done, unfortunately you can't see any responses to the ticket after submission because it just goes back to the screen requesting ID documents.
@AuroraZero said:
Here is the biggest problem I have with shit like this, especially when a government is involved, what standards are required to safe guard such data?
What standards are being utilized to keep it safe?
What is the vetting process on such systems?
How can I trust that this information won't be on every hacking website in less than 24 hours?
Does every company doing business in said country have to comply or just the ones based there?
This kind of thing is getting stupid in my opinion. Do I have to give you ID if I buy something from you in person?
no. there's nothing on security or privacy
it's govt. mandate, you'll know their system are shit, saving few $ aren't going to cut it if your naughty papers get leaked
@AuroraZero said:
Here is the biggest problem I have with shit like this, especially when a government is involved, what standards are required to safe guard such data?
What standards are being utilized to keep it safe?
What is the vetting process on such systems?
How can I trust that this information won't be on every hacking website in less than 24 hours?
Does every company doing business in said country have to comply or just the ones based there?
This kind of thing is getting stupid in my opinion. Do I have to give you ID if I buy something from you in person?
no. there's nothing on security or privacy
it's govt. mandate, you'll know their system are shit, saving few $ aren't going to cut it if your naughty papers get leaked
I meant the hosts systems not the Government.
Yes I do know theirs are shit I used to work for mine.
It seems like @stromonic has locked the support ticket section, so while you can submit a ticket, you won't be able to see any previous tickets or respond to them. On top of that, their WHMCS emails don't seem to be functioning properly. Strangely, I haven't received any emails from them since October 2022, except for promotional emails. I also submitted a ticket (#170172) about their forced KYC process, but unfortunately, none of their staff members have gotten back to me yet. So, maybe it's time to wait and see if @stromonic's support team responds.
Kind of sad this has to be my first post on LES.
First up I am affected by this KYC as I bought a yearly subscription from Stromonic on March 7th 2023 and received the email about KYC today aswell. I already made a ticket requesting 45 days refund, since I am not willing to give out my ID or simular due to privacy reasons and I currently have no way of managing my domain or hosting in their panel anymore (also I can see the list of my tickets, but can't click into them as it redirects me to the KYC page instead). Btw not sure if its relevant to the KYC thing, but in case it is - I am from germany (and used no vpn while registering and set country to germany aswell).
However whats even more shady is the following.
I originally selected the included domain "dan.xyz" and was quite happy to see its still available.
When I checked it on whois there was no record yet and (obviously) browsing to it would lead to a page not found type of error aswell at the time.
However it appears they have stolen my domain and are right now selling it through a auction via sav.com.
They also claimed it was a "premium domain" in a ticket that I posted 2 days after renting the hosting + free domain and that was the supposed reason. As you can see in the following screenshots the domain got registered on the exact same day as my purchase of the domain and updated date in whois most likely just reflects the time they swapped the domain over to sav.com to make money out of my domain.
Invoice Email:
Whois of dan.xyz:
Also here is a screenshots of the tickets list, I can't screenshot the content of the tickets tho since the KYC and I have not received any email about the content of the "domain still pending" ticket either.
I feel like being scammed, most likely because I have been. Unless this is common practise and legally totally fine. Or have I missed something important here?
They haven't been collecting GST from Indian clients either. Might be a lot of legal mess as officials have become more strict and the taxation system has become more strict & vigilant.
Now that I re read that Sept 2022 discussion, there is a bigger issue.
@stromonic mentioned 90 percent of their clients are outside India. Which means they will have to file for LUT for which GST and PAN is needed. Dealt with that for four years as a consultant and now for gaathastory .
They haven't been collecting GST from Indian clients either. Might be a lot of legal mess as officials have become more strict and the taxation system has become more strict & vigilant.
Now that I re read that Sept 2022 discussion, there is a bigger issue.
@stromonic mentioned 90 percent of their clients are outside India. Which means they will have to file for LUT for which GST and PAN is needed. Dealt with that for four years as a consultant and now for gaathastory .
@AlwaysSkint said:
P.S. @vyas there is no plural of proof, AFAIK (although anything is possible in legal jargon!)
Not to be "that guy", but I like studying languages so I'm going to add something to this...
If you are proving different things, then you have multiple proofs (e.g. math/maths questions). The word proof was also commonly used as test print for newspapers etc, and if you had several of those, they'd collectively be called proofs. Now everything is digital, this meaning might have fallen out of use though.
However, you're right that if your objective is to prove a single thing (your identity in this case), then multiple pieces of evidence for that are collectively known as proof.
There are other examples of this kind of thing where the usual collective noun is different to the actual plural, e.g. person, people, persons, peoples. More than one person is usually people, but persons is also a word. Person is used for a specific individual, even if their identity isn't known, and so the plural is often used by the police when looking for a specific group of people that could be identified even if their identity is currently unknown (e.g. they have CCTV footage and know they are looking for 3 suspects, but they don't know who they are yet), whereas people is used for a collective group of people where you generally can't readily identify a specific person (e.g. they have CCTV footage of a group of people). Peoples refers to more than one instance of a collection of people, e.g. "the peoples of the USA and of Europe".
@FrankZ said:
For the moment the Hosting Provider tag and all offer threads have been removed from LES public view for this provider.
Not deleted. All offer threads of this provider have been hidden from public view for the moment.
Oh! my bad!
I raised the query back then so that @stromonic would maybe fix it (get its ducks in a row) but instead they made it worst by chest-thumping on something which isn't good to put in public -_-
Still find it very strange that @stromonic did this and is not making any comments here in regard to locking everybody's client panel account.
No reply to my DM from Wendsday.
No reply to this thread.
No reply to my ticket from yesterday.
@FrankZ said:
Still find it very strange that @stromonic did this and is not making any comments here in regard to locking everybody's client panel account.
No reply to my DM from Wendsday.
No reply to this thread.
No reply to my ticket from yesterday.
Anybody else have anything new to add ?
Only this and it ia goibg to sound weird as hell buy whatever, I have never received a good vibe out of these hosts that are pulling shit.
I just said something like this in the Pit while talking to @MichaelCee. None seem trustworthy anymore, like they don't give the vibe of being serious.
There is something off in the way they do things and their approach to doing business.
I thought it was my paranoia kicking in but it seems it may have been instinct.
Oh man, if only they'd known of this law change prior to the sale 🤔
───────────────────────────────────
🌐 Blesta.club - Blesta Modules, Plugins, Gateways and more
💬 Join our community today and start your journey!
───────────────────────────────────
@RTB said:
Kind of sad this has to be my first post on LES.
First up I am affected by this KYC as I bought a yearly subscription from Stromonic on March 7th 2023 and received the email about KYC today aswell. I already made a ticket requesting 45 days refund, since I am not willing to give out my ID or simular due to privacy reasons and I currently have no way of managing my domain or hosting in their panel anymore (also I can see the list of my tickets, but can't click into them as it redirects me to the KYC page instead). Btw not sure if its relevant to the KYC thing, but in case it is - I am from germany (and used no vpn while registering and set country to germany aswell).
However whats even more shady is the following.
I originally selected the included domain "dan.xyz" and was quite happy to see its still available.
When I checked it on whois there was no record yet and (obviously) browsing to it would lead to a page not found type of error aswell at the time.
However it appears they have stolen my domain and are right now selling it through a auction via sav.com.
They also claimed it was a "premium domain" in a ticket that I posted 2 days after renting the hosting + free domain and that was the supposed reason. As you can see in the following screenshots the domain got registered on the exact same day as my purchase of the domain and updated date in whois most likely just reflects the time they swapped the domain over to sav.com to make money out of my domain.
Invoice Email:
Whois of dan.xyz:
Also here is a screenshots of the tickets list, I can't screenshot the content of the tickets tho since the KYC and I have not received any email about the content of the "domain still pending" ticket either.
I feel like being scammed, most likely because I have been. Unless this is common practise and legally totally fine. Or have I missed something important here?
Most likely what happened with your domain is that it automatically registered it since the price is set in their whmcs as fixed, but the registrar they’re reselling charged them a shit ton since it’s a “premium domain” (a desirable one that is sold at a higher price due to having a certain characteristic such as a short length or something like that. More info here: https://kb.porkbun.com/article/41-what-are-premium-domains). Then they realized what happened after they got the bill and probably tried to recoup their money. I could be wrong though, that’s just my guess. Sorry that you got screwed
@bruh21 said: I could be wrong though, that’s just my guess.
You're most likely correct.
3 letter .xyz is definitely premium priced domain. I checked randomly several non registered 3-letter .xyz domains via namecheap.com search.
The cheapest are around $600, average around $10.000 but some went all up to the $30.000 for the first year of the registration. Plenty of them are still available, so not really desired for the price with this extension.
This must be one really painful registration by mistake for the host unless registry allow domain tasting and domain can be cancelled within 5 days of grace period for a small fee (I am not sure how those new gTLDs are regulated).
@FrankZ said:
Still find it very strange that @stromonic did this and is not making any comments here in regard to locking everybody's client panel account.
No reply to my DM from Wendsday.
No reply to this thread.
No reply to my ticket from yesterday.
Anybody else have anything new to add ?
Only this and it ia goibg to sound weird as hell buy whatever, I have never received a good vibe out of these hosts that are pulling shit.
I just said something like this in the Pit while talking to @MichaelCee. None seem trustworthy anymore, like they don't give the vibe of being serious.
There is something off in the way they do things and their approach to doing business.
I thought it was my paranoia kicking in but it seems it may have been instinct.
I've been getting a bit of the same vibe as well, but I have always leaned toward helping the new providers get started. It is expected that some of them are going to have problems or fail, but this no contact running away, or pulling scammy shit like what happened with NVMeNetworks is starting to get old. Personally I probably will not be as quick to sign up with newish providers from now on. It really is a shame that these providers ruin it for the next guy that come along.
@FrankZ said:
Still find it very strange that @stromonic did this and is not making any comments here in regard to locking everybody's client panel account.
No reply to my DM from Wendsday.
No reply to this thread.
No reply to my ticket from yesterday.
Anybody else have anything new to add ?
Only this and it ia goibg to sound weird as hell buy whatever, I have never received a good vibe out of these hosts that are pulling shit.
I just said something like this in the Pit while talking to @MichaelCee. None seem trustworthy anymore, like they don't give the vibe of being serious.
There is something off in the way they do things and their approach to doing business.
I thought it was my paranoia kicking in but it seems it may have been instinct.
I've been getting a bit of the same vibe as well, but I have always leaned toward helping the new providers get started. It is expected that some of them are going to have problems or fail, but this no contact running away, or pulling scammy shit like what happened with NVMeNetworks is starting to get old. Personally I probably will not be as quick to sign up with newish providers from now on. It really is a shame that these providers ruin it for the next guy that come along.
Some of the new ones I don't get the vibe from and I am willing to help. Just some of them give me the trying to hard vibe and the approach doesn't feel genuine.
We all started out as newbs and I understand that all to well, but starting out means just that starting out. Don't try to be something you are not and push to be the best out of the gate. Listen to the people and learn being touted as one of the best comes later.
Sad thing is I get the vibe more often then not and it is from people I have never heard of before. It's like the Summer Host Syndrome is full year round anymore.
Yes, I received an email like this, and if I don't verify, I won't be able to take any further actions, or even get a refund. So, I had to naïvely upload my personal information as requested. Is there any risk involved? Could you give me some advice?
Comments
I am kind of surprised that there has been no comment in this thread from @stromonic so I am going to ramble a little.
Looking at No. 20(3)/2022-CERT-In I see this in regards to Stromonic's responsibilities .
I think that @stromonic may be seeing "Validated" and assuming "KYC" rules, but I expect this is not what is meant in the above rule because in the next paragraph KYC rules are clearly stated ...
The rule does state what is required under KYC (paragraph vi), but does not provide a definition of "Validated" as stated in paragraph v.
I expect that "Validated" in the first paragraph could be considered matching the PayPal/Credit Card/ Bank Info name and address info with client info on record. Or other reasonable methods so the provider would not be considered negligent in attempting to "Validate" customer information. By enforcing KYC rules for paragraph v I expect Stromonic is just trying to make sure they cover their ass. Unfortunately locking people out of being able to manage or cancel their services without any notice, and without options for clients that do not want to comply with this new Stromonic policy leaves me thinking this may have been done for more insidious reasons. Without any comment in this thread from Stromonic we can only guess as to the real reasons behind this action.
EDIT: After not receiving any response to my DM for 20 hours. I decided to send them a ticket to see if they had any answers on how clients who did not wish to comply with their new requirement could end their relationship with @stromonic amicably . Submitting a ticket in the billing panel can still be done, unfortunately you can't see any responses to the ticket after submission because it just goes back to the screen requesting ID documents.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
no. there's nothing on security or privacy
it's govt. mandate, you'll know their system are shit, saving few $ aren't going to cut it if your naughty papers get leaked
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
I meant the hosts systems not the Government.
Yes I do know theirs are shit I used to work for mine.
Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
It seems like @stromonic has locked the support ticket section, so while you can submit a ticket, you won't be able to see any previous tickets or respond to them. On top of that, their WHMCS emails don't seem to be functioning properly. Strangely, I haven't received any emails from them since October 2022, except for promotional emails. I also submitted a ticket (#170172) about their forced KYC process, but unfortunately, none of their staff members have gotten back to me yet. So, maybe it's time to wait and see if @stromonic's support team responds.
Sign up at Dynadot [aff], spend $9.99 within 48 hours, and get $5.00 DynaDollars for domain registrations!
Kind of sad this has to be my first post on LES.
First up I am affected by this KYC as I bought a yearly subscription from Stromonic on March 7th 2023 and received the email about KYC today aswell. I already made a ticket requesting 45 days refund, since I am not willing to give out my ID or simular due to privacy reasons and I currently have no way of managing my domain or hosting in their panel anymore (also I can see the list of my tickets, but can't click into them as it redirects me to the KYC page instead). Btw not sure if its relevant to the KYC thing, but in case it is - I am from germany (and used no vpn while registering and set country to germany aswell).
However whats even more shady is the following.
I originally selected the included domain "dan.xyz" and was quite happy to see its still available.
When I checked it on whois there was no record yet and (obviously) browsing to it would lead to a page not found type of error aswell at the time.
However it appears they have stolen my domain and are right now selling it through a auction via sav.com.
They also claimed it was a "premium domain" in a ticket that I posted 2 days after renting the hosting + free domain and that was the supposed reason. As you can see in the following screenshots the domain got registered on the exact same day as my purchase of the domain and updated date in whois most likely just reflects the time they swapped the domain over to sav.com to make money out of my domain.
Invoice Email:
Whois of dan.xyz:
Also here is a screenshots of the tickets list, I can't screenshot the content of the tickets tho since the KYC and I have not received any email about the content of the "domain still pending" ticket either.
I feel like being scammed, most likely because I have been. Unless this is common practise and legally totally fine. Or have I missed something important here?
Thank you for your comments @RTB . Please keep us updated if you receive any responses to your ticket.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
Name and number if someone needs to reach them . Jay and Hosting dont play ball !!
blog | exploring visually |
LoL the content of this email are confidential . Try to ask for the refund as you can't comply with the rule. Let see what they respond.
Currently Using Hetzner , OVH , Buyvm , Webhorizon , Hyonix , ConnectIndo
For the moment the Hosting Provider tag and all offer threads have been removed from LES public view for this provider.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
So this KYC only apllies only to those who have server in India, not those who have business with an Indian Company.
https://microlxc.net/
Maybe thats how it should be. Im from germany and still got the KYC.
btw, since when are they selling cpanel and whmcs licenses? Found this in their Terms of service lol
Probably they have been selling "cheap cpanel licenses" before on another domain and forgot to delete that part.
What a mess..again.
Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
never liked their gimmicks
I bench YABS 24/7/365 unless it's a leap year.
@stromonic right now
lex.st - Free Shared Hosting in 4 Locations. fk ipv6.
... and now my comment/thread is deleted?
@LES-Moderator why is the thread deleted?
ExoticVM.com - Find VPS in exotic locations! | MonitorDNS.com - domain for sale!
Probably something to do with this.
lex.st - Free Shared Hosting in 4 Locations. fk ipv6.
Not deleted. All offer threads of this provider have been hidden from public view for the moment.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
Not to be "that guy", but I like studying languages so I'm going to add something to this...
If you are proving different things, then you have multiple proofs (e.g. math/maths questions). The word proof was also commonly used as test print for newspapers etc, and if you had several of those, they'd collectively be called proofs. Now everything is digital, this meaning might have fallen out of use though.
However, you're right that if your objective is to prove a single thing (your identity in this case), then multiple pieces of evidence for that are collectively known as proof.
There are other examples of this kind of thing where the usual collective noun is different to the actual plural, e.g. person, people, persons, peoples. More than one person is usually people, but persons is also a word. Person is used for a specific individual, even if their identity isn't known, and so the plural is often used by the police when looking for a specific group of people that could be identified even if their identity is currently unknown (e.g. they have CCTV footage and know they are looking for 3 suspects, but they don't know who they are yet), whereas people is used for a collective group of people where you generally can't readily identify a specific person (e.g. they have CCTV footage of a group of people). Peoples refers to more than one instance of a collection of people, e.g. "the peoples of the USA and of Europe".
^ A pedant and I can't argue with that.
It wisnae me! A big boy done it and ran away.
NVMe2G for life! until death (the end is nigh)
Oh! my bad!
I raised the query back then so that @stromonic would maybe fix it (get its ducks in a row) but instead they made it worst by chest-thumping on something which isn't good to put in public -_-
ExoticVM.com - Find VPS in exotic locations! | MonitorDNS.com - domain for sale!
Still find it very strange that @stromonic did this and is not making any comments here in regard to locking everybody's client panel account.
No reply to my DM from Wendsday.
No reply to this thread.
No reply to my ticket from yesterday.
Anybody else have anything new to add ?
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
there is storm-onics coming.
Only this and it ia goibg to sound weird as hell buy whatever, I have never received a good vibe out of these hosts that are pulling shit.
I just said something like this in the Pit while talking to @MichaelCee. None seem trustworthy anymore, like they don't give the vibe of being serious.
There is something off in the way they do things and their approach to doing business.
I thought it was my paranoia kicking in but it seems it may have been instinct.
Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
are other suppliers from india also affected?
@visualwebtechno and @Abdullah statement please.
Oh man, if only they'd known of this law change prior to the sale 🤔
───────────────────────────────────
🌐 Blesta.club - Blesta Modules, Plugins, Gateways and more
💬 Join our community today and start your journey!
───────────────────────────────────
Most likely what happened with your domain is that it automatically registered it since the price is set in their whmcs as fixed, but the registrar they’re reselling charged them a shit ton since it’s a “premium domain” (a desirable one that is sold at a higher price due to having a certain characteristic such as a short length or something like that. More info here: https://kb.porkbun.com/article/41-what-are-premium-domains). Then they realized what happened after they got the bill and probably tried to recoup their money. I could be wrong though, that’s just my guess. Sorry that you got screwed
You're most likely correct.
3 letter .xyz is definitely premium priced domain. I checked randomly several non registered 3-letter .xyz domains via namecheap.com search.
The cheapest are around $600, average around $10.000 but some went all up to the $30.000 for the first year of the registration. Plenty of them are still available, so not really desired for the price with this extension.
This must be one really painful registration by mistake for the host unless registry allow domain tasting and domain can be cancelled within 5 days of grace period for a small fee (I am not sure how those new gTLDs are regulated).
I've been getting a bit of the same vibe as well, but I have always leaned toward helping the new providers get started. It is expected that some of them are going to have problems or fail, but this no contact running away, or pulling scammy shit like what happened with NVMeNetworks is starting to get old. Personally I probably will not be as quick to sign up with newish providers from now on. It really is a shame that these providers ruin it for the next guy that come along.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
Some of the new ones I don't get the vibe from and I am willing to help. Just some of them give me the trying to hard vibe and the approach doesn't feel genuine.
We all started out as newbs and I understand that all to well, but starting out means just that starting out. Don't try to be something you are not and push to be the best out of the gate. Listen to the people and learn being touted as one of the best comes later.
Sad thing is I get the vibe more often then not and it is from people I have never heard of before. It's like the Summer Host Syndrome is full year round anymore.
Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
Yes, I received an email like this, and if I don't verify, I won't be able to take any further actions, or even get a refund. So, I had to naïvely upload my personal information as requested. Is there any risk involved? Could you give me some advice?