Category Archives: Site Updates

The place to find the latest HonestRepair network-related news and information.

Unscheduled Downtime Due to Weather

On Friday, March 2, 2018 between about 11am and 3pm our services were intermittently unavailable due to extreme weather that brought wind gusts approaching 60mph to our little headquarters in Rowley MA, USA.

At 7:30pm we experienced a power outage that took out our servers, routers, and everything else we rely on to keep our services online.

Power was not restored until around 4pm the next day, March 3, 2018. Once restored it took us about 2 hours to bring back our infrastructure and restore service.

We apologize for the circumstances that were outside of our control during this outage, and we appreciate your patience during this time. HonestRepair has limited capital to invest in backup power systems and redundant infrastructure. This incident gave us the opportunity to evaluate our shortcomings so that we may take action to improve upon them going forward.

As always, thanks for the clicks!

Statement On Meltdown and Spectre Vulnerability

Details of several vulnerabilities present in common processor models have recently been discovered by researchers at Google Project Zero, and the Institute of Applied Information Processing and Communications (IAIK) at the Graz University of Technology.

The vulnerabilities, dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715 and CVE-2017-5753), take advantage of the way most modern CPUs are designed. Many hardware and Cloud vendors have released statements disclosing the level of impact these vulnerabilities have on their operations as well as the security of their clients’ data. HonestRepair would like to take some time to also disclose what these recent discoveries mean to us and our clients.

About The Vulnerabilities

Meltdown (CVE-2017-5754) targets a feature of modern CPUs called “Speculative Execution.” This vulnerability can only be exploited on CPUs from certain product lines of certain vendors. More specifically, most modern Intel CPUs are affected (in other words, most of the computer market). The exploit uses the CPU’s branch prediction features in dubious ways to read protected parts of memory. For more information about the Meltdown vulnerability, please visit

Two versions of Spectre also target the “Speculative Execution” feature of modern CPUs but in a different way than Meltdown. Variant one (CVE-2017-5715) uses a method called “Branch Target Injection.” Variant two (CVE-2017-5753) uses a method called “Bounds Check Bypass.” The Spectre attack also uses the CPU’s branch prediction features in dubious ways to read protected parts of memory. For more information about the Spectre vulnerability, please visit

With any variant of either the Meltdown or Spectre vulnerability an attacker could potentially gain access to parts of memory which contain passwords, cryptographic keys, or other sensitive information.

Impact Of Meltdown & Spectre to HonestRepair Services

Unlike other web-application service providers, HonestRepair does not host its client data on outside or 3rd party servers. All of our infrastructure is owned, operated, and maintained by us from our HQ in Rowley MA, USA. We designed and built our servers specifically for providing free, capable, and secure Cloud storage to our community. Our servers were built with AMD CPUs based on the Vishera architecture.

With that being said, we have never been vulnerable to the Meltdown vulnerability (CVE-2017-5754). Additionally, we were never vulnerable to variant one of Spectre (CVE-2017-5715), “Branch Target Injection.” We were, however, vulnerable to variant 2 of Spectre (CVE-2017-5753), “Bounds Check Bypass” until Canonical released an update to our Ubuntu operating system on January 6th, 2018. Since then we have applied the latest Canonical Ubuntu updates and are continuing to monitor Ubuntu development.

We have no reason to believe, and no evidence to suggest that our services have been exploited by actors using either the Meltdown or Spectre vulnerabilities. As always, we will continue to keep the software and firmware within our infrastructure up-to-date to ensure the highest possible level of security and reliability for our users. We rely on your trust to keep our services online, and we promise to always stay vigilant when it comes to defending that trust.

Thanks again for using the HonestRepair Cloud!

Unscheduled Downtime & Brute Force Attack

HonestRepair services were intermittently unavailable over the past 48 hours as a result of numerous factors. Some users may have noticed decreased performance from our services over the past 6 days.

Starting on August 13th 2017 our services became the target of a brute force campaign by malicious actors attempting to hijack and take control of our servers. The attack began with thousands of botnet-infected machines from mostly Russian IP addresses trying to gain access to HonestRepair Testing and Administrator accounts. As the attackers ramped up their efforts to gain access to our Administrator accounts, we implemented “Account Lockout” mechanisms to reduce the effectiveness of the attack. We also changed our passwords frequently during the attack as a precaution.

By August 14th 2017 the attacks had greatly intensified. We began blocking IPs that we identified as the greatest threat to our servers. We also implemented a geo-fence that prevented login access to any visitors from Russia, Pakistan, and Belarus. In order to prevent legitimate users in these regions from being locked out of their accounts, we also implemented a “Bypass Code” policy that allows legitimate users to gain access to their accounts from within the restricted regions. Bypass codes must be applied for by the user and manually approved by an HonestRepair administrator.
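The layered checks described above (IP blocklist, account lockout, geo-fence with administrator-approved bypass codes) can be sketched as a single pre-authentication gate. This is an added example, not HRCloud2 code; the class name, thresholds, country codes and return strings are assumptions.

```python
import hashlib
import hmac
import time

BLOCKED_COUNTRIES = {"RU", "PK", "BY"}  # the three regions named in the post
MAX_FAILURES = 5        # assumed lockout threshold
LOCKOUT_SECONDS = 900   # assumed lockout duration

def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode()).digest()

class LoginGate:
    """Hypothetical gate that runs before any password is checked."""

    def __init__(self):
        self.blocked_ips = set()
        self.bypass = {}     # user -> digest of admin-approved bypass code
        self.failures = {}   # user -> (failure count, time of last failure)

    def approve_bypass(self, user, code):
        """Called by an administrator after manually reviewing a request."""
        self.bypass[user] = _digest(code)

    def pre_auth(self, user, ip, country, bypass_code=None, now=None):
        """Decide whether a password check may be attempted at all."""
        now = time.time() if now is None else now
        if ip in self.blocked_ips:
            return "deny:ip-blocked"
        count, last = self.failures.get(user, (0, 0.0))
        if count >= MAX_FAILURES and now - last < LOCKOUT_SECONDS:
            return "deny:locked-out"   # a bypass code never lifts a lockout
        if country in BLOCKED_COUNTRIES:
            expected = self.bypass.get(user)
            supplied = _digest(bypass_code or "")
            if expected is None or not hmac.compare_digest(expected, supplied):
                return "deny:geo-fenced"
        return "allow"

    def record(self, user, success, now=None):
        """Update the failure counter after the password check."""
        now = time.time() if now is None else now
        if success:
            self.failures.pop(user, None)
            return
        count, last = self.failures.get(user, (0, 0.0))
        if now - last >= LOCKOUT_SECONDS:
            count = 0   # stale failures expire with the lockout window
        self.failures[user] = (count + 1, now)
```

The lockout is evaluated before the geo-fence, so a valid bypass code only lifts the regional restriction and never the brute-force protection.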

By August 15th 2017 the attackers were still attempting to gain access to our Testing and Administrator accounts. Our newly implemented security features were fully functional, and blocked a total of 3,659 malicious login attempts. None of the attackers were successful. No client data was leaked during the course of the attack, and no standard user accounts were breached. The attackers made no attempt to hack any of our users. They focused their efforts strictly on our Testing and Administrator accounts. It is important to note that even if the attackers had been successful in gaining access to our servers as an Administrator, no user Cloud data would have been accessible to them. We designed our HRCloud2 platform to be fail-safe. Our noSQL and limited liability Admin account means that in the event of a failure to protect the server, our platform still does not give Administrators the ability to view specific information, passwords, files, or logs of other users by design. In other words, if our platform fails, it “fails safely.”

By August 16th the attackers had (mostly) given up on their brute force campaign.

Then, on August 17th 2017 at around 3:00 AM a brief power outage knocked out our servers. This downtime event lasted until about 7:00 AM that same morning.

On August 18th 2017 at around 12:00 AM (midnight) our main server crashed. This caused an all-day outage up until about 6:30 PM.

Our services have since been restored and there should be no more outages for the foreseeable future. We appreciate the patience of our users and apologize for any inconvenience this series of events may have caused. We are always looking for ways to make our services better, faster, and more reliable and we hope to learn from these events so that we may improve our services in the future.


Server Upgrade Update

HonestRepair is in the midst of upgrading its network to increase storage capacity and reliability.

As we reported earlier, we are in the process of replacing and re-wiring our servers. So far, this is going well. We’ve increased our power capacity and are working to increase our storage capacity.

Unfortunately, we are now (unexpectedly) struggling with excessive heat. We had to re-factor our cooling to accommodate our additional power requirements. So far, we are short of where we should be with regard to processor cooling capacity.

This post is meant to be more informative than actionable for our users. We are working to mitigate excessive heat within our network. Excessive overheating may cause degraded performance for our users. We are working to correct these problems, and we appreciate the patience and co-operation of our users during this time. We are doing all we can to ensure our services remain available to users throughout the upgrade process. Thank you for your understanding.

Server Upgrades Scheduled

The HonestRepair network will be undergoing upgrades and maintenance beginning on 7/3/17 (tonight) at 11:00 PM EST and should be complete by 7/5/17 (Wednesday) at 11:00 PM EST.

During these times HonestRepair services may be degraded or unavailable for short periods of time.

We are upgrading and maintaining our server’s power-supplies and storage arrays. The upgrades will make our services more energy-efficient, more capable, and more reliable. We hope to increase our storage capacity and reduce electrical consumption all at the same time.

Specifically, we will be replacing our primary server’s secondary PSU with a more efficient setup, re-routing cables, and adding storage capacity.

We will keep our services online as much as possible during these upgrades. We will also keep updating our website with the latest news as needed during and after the upgrade.

Urgent Maintenance Scheduled

HonestRepair servers must be taken offline temporarily due to urgent security maintenance.

The reason for urgency is that Ubuntu has patched a number of vulnerabilities on 6/29/2017 relating to a critical dependency of HonestRepair (Lubuntu).

Maintenance will begin at 9:15 PM EST tonight (6/29) and should be complete 10 minutes later, at 9:25 PM EST tonight. During that time, HonestRepair service performance may be degraded or unavailable. Total downtime is expected to be less than 5 minutes.


Maintenance Scheduled

Routine Maintenance will be performed on HonestRepair services at 11:00 PM EST, Sunday June 25th 2017 (Tonight) and is scheduled to be complete thirty minutes later at 11:30 PM EST.

During these times, HonestRepair services may be degraded or unavailable. We predict less than 3 minutes of total combined “downtime” with up to 20 minutes of degraded performance.