Saving Country Music Back Up After Technical Meltdown/ Hacking Attempt
As you might have noticed, for portions of Sunday morning (7-14), and for the majority of Monday (7-15), Saving Country Music has been completely unreachable. This was due to a series of unfortunate events that first took the website down, and then forced us to take the website down ourselves to prevent further issues after it was hacked by a malicious party.
The problems began Friday afternoon when a minor issue emerged on the back end of the website. As we were trying to resolve this issue, perhaps the solution became worse than the problem, and it resulted in extremely slow load times, and sometimes the website not loading at all. To add insult to injury, while this was occurring, the company that hosts Saving Country Music on its servers decided it had enough, and served notice that Saving Country Music needed to find another place to live.
This would basically be like getting a Cancer diagnosis, and then on the same day, having your spouse tell you that they’re leaving you. I was fired as a customer so to speak, while the site was unreachable and suffering catastrophic errors. The current host did continue to help resolve the technical issues (however slowly), and is currently allowing Saving Country Music to stay, for the moment.
When we finally resolved the initial technical issue and were working to fortify the website, it was then taken over by hackers. In the going on 17 years of Saving Country Music, it has never been hacked. In fact, further protocols have been put in place since the cyberattack in late May to make sure similar things don’t happen again. Whether the hackers took advantage of some weakness that came up while the site was being worked on or it was completely unrelated, we lost control of the website, and I received what was basically a ransom letter Monday morning.
Luckily, both the hosting company and my tech team were able to gain back control the website without any money changing hands, or demands having to be met. However, I have lost another day of ad revenue, productivity, etc., and right as I have been putting in 18 hours days covering Under The Big Sky Fest in Whitefish, Montana.
For the record, there is no reason to believe at this moment that the hack was a targeted attack. It very well could have been and we’re investigating this. But unlike May’s DDoS attack that was targeted at an article about Morgan Wallen, there was no “target” here. There is a chance a hacker just saw a quick moment to take advantage, and pounced. Or perhaps not. Make no mistake about it, there are people dedicated to seeing this website disappear.
Ever since the cyberattack in late May, some users have continued to complain about access issues with the site or slow load times. What I can tell you is that all of this stuff will continue to be actively worked on. However, there is a good chance that this wave of catastrophic technical difficulties with the website are going to result in some major changes moving forward. Long story short, Saving Country Music is a very small, mostly one-man operation with low overhead that at times draws massive, massive amounts of traffic, creating unique problems. The current setup is going to be unsustainable moving forward.
The good news is the site is currently up and the “all clear” has been sounded, for now. But expect a host of “house cleaning” articles about Saving Country Music in the coming days and weeks as I revamp my approach and tie up some loose ends about some of the drama over the last few days, including being detained and kicked out of the Billy Strings concert at Under The Big Sky Fest Sunday evening. Hopefully, all of these upcoming changes will be for a more positive, productive, and sustainable future.
Thanks as always for reading, for your patience from trying to access the website over the last couple of days, and all the drama. Sunday was both one of the worst days of my life, and one of the best as I saw some of the most amazing musical collaborations I have ever witnessed. I look forward to sharing all of that stuff with you, some of which can now be seen on Instagram.
Onward and upward.
–Kyle “Trigger” Coroneos
July 15, 2024 @ 4:03 pm
The Billy Strings, Zach Top performance that you posted elsewhere, in the last several hours, was pure fire.
Such a joy to watch.
Extremely exciting to see Billy having so much fun, and totally in his element.
He and Zach were 100% synced in their excellence.
Now, let’s hear all about you being detained and kicked out of the Billy Strings performance.
Who do you think you are – me?
Laughing.
July 15, 2024 @ 4:10 pm
I get an error on two different iPhones in Chrome. I have been for about a week now. I can go to incognito mode on either phone and it loads. I can also use Safari and the site loads.
July 15, 2024 @ 4:44 pm
You probably need to clear cookies and/or cache for this website in Chrome if that is the issue you are encountering. If the website loads perfectly fine in Incognito mode, that is usually a sign that an existing cookie/existing site data is what is throwing the error.
Mobile browsers like Chrome tend to aggressively cache webpages to preserve mobile data use, so the error is likely Chrome pulling a “bad” copy of the website. In Incognito mode, it doesn’t access cached data, so that is why the website loads fine for you.
July 15, 2024 @ 5:44 pm
Also De-Frag/ Disc Clean-up….Helps clear Bugs !
July 16, 2024 @ 6:40 am
Defrag is not needed in modern versions of Windows, especially if you’re using an SSD. On a traditional spinning hard drive, modern versions of Windows automatically defrag when the PC is idle.
July 15, 2024 @ 4:48 pm
Thanks for the feedback Darren, and sorry for the issue. I will forward this to the technical team. Ever since the DDoS attack in May, I have been getting these messages constantly. Pestering the hosting company about them is one of the reasons I think they’re done with me. The security protocols we’ve had to put in place are causing other connectivity and caching problems, and it’s hard to find the right balance of accessibility and protection. Even with the elevated protection, we still got hacked.
July 15, 2024 @ 4:15 pm
Glad you are okay- relatively speaking- and glad it wasn’t a health issue or anything
July 15, 2024 @ 4:21 pm
Keep up the good work trigger. Don’t let the bastards get you down. If they steal SCM from you, you can just change it to STWFSM (Saving the World from $hi##y Music) and we will all just follow you there for our daily dose of real music!
July 15, 2024 @ 4:29 pm
If you ain’t getting shot at, you ain’t doing your job!
Let me know if I can help out in any way.
I really enjoyed your Under The Big Sky Fest coverage on Instagram and Silverada (the site formerly known as Twitter) and looking forward to a spirited recap.
July 15, 2024 @ 4:30 pm
Hang in there, Trig, we need you!
July 15, 2024 @ 4:51 pm
Pop country hacked saving country music
July 15, 2024 @ 5:04 pm
In one of the most beautiful parts of the world, watching someone ride in on horseback to play on wood and wire, while having to fight a war in cyberspace with someone from god knows where. Sucks to hear that, but you’re a trooper.
July 15, 2024 @ 5:08 pm
Don’t let it get you down. You’ve lived to fight another day. On a side night I remember an interview I saw one time, I forget who it was, but he predicted the internet would become unsustainable at some point due to all the bots, malicious activities, hackers etc. I feel like it may be sooner rather than later.
July 15, 2024 @ 5:13 pm
Do the economics make hosting on AWS or Azure an option?
July 15, 2024 @ 8:38 pm
Generally speaking I like to support and partner with independent businesses. But at some point I might not have another option.
July 16, 2024 @ 5:20 am
When it come time to look at another host, I know several here in Louisville that would do an excellent job for you.
July 16, 2024 @ 7:58 pm
Apparently your site has become a high profile target. At this point security, reliability and accountability is tantamount – and at some point you also should consider protecting the user’s. Though you are not an e-commerce site, a list of email addresses and IP addresses associated with them can create an attack vector on users via phishing, spam and bot farming ….
A local or small ISP may not have the funding or resources to fend off attacks- especially in light of the 2 crippling ones here.
July 15, 2024 @ 5:36 pm
Crazy. And it’s also been a slow news day the past few days so I need somewhere to go online..
July 15, 2024 @ 5:47 pm
SCM lives to fight another day! Thanks for the update Trig. Sorry and pissed to hear you had to deal with this bullshit. Gotta figure out how to redirect those damn hackers to Sam Hunt’s website or something.
July 15, 2024 @ 6:02 pm
Trig, I love your website. Since moving to Austin, and becoming more exposed to everything that country music encompasses, your website has been truly educational. Every evening, at some point, I see what new stories or album reviews have been written, and I usually listen to the music to see if it it something I want to check out further. I work in healthcare, and our company was recently the victim of a cyber attack, so I can relate to the issues you have faced in the past 2-3 days. As a music lover, I will say…if you ever need a cheap, part-time employee to help you do all that you do for SCM, Dude, I would jump at the chance.
July 15, 2024 @ 6:18 pm
Need to hear why you got forcibly removed from the festival on Sunday. Can’t leave us hanging…
July 15, 2024 @ 7:30 pm
“Saving Country Music will never make concessions to terrorists.” ~Ronald Reagan
July 15, 2024 @ 8:29 pm
Thanks for all you do Trig!
I’m an old school country(thanks to my pops), punk, & metal fan. This site has turned me on to so much great music that has been added to my record collection! I’m proud to have to have Lindi Ortega, Sarah Shook, Kaitlin Butts, Turnpike next to my Black Flag, Ramones, Slayer albums!
I’ll be celebrating my 51st bday at Whitey Morgan’s show in Gruene Saturday!
July 15, 2024 @ 9:07 pm
I say we form a posse and round up the ones what done it. Hog tie ‘em and make ‘em listen to “Metal Music Machine” by Lou Reed on repeat.
July 16, 2024 @ 6:36 am
“Send them all to their Maker and He’ll settle them down.”
-Beer for my Horses
July 15, 2024 @ 11:23 pm
Kyle, sorry for all the trouble you went through! Please check my message sent to you via your contact form here.
July 16, 2024 @ 3:48 am
Boy, I was shocked yesterday when I tried to get on the website and it asked me for a username & password. Of course, I had neither. But I sure did miss being able to read what’s going on. Thanks for all you do to keep this running and providing with all the latest and best in country music news!
July 16, 2024 @ 6:35 am
For the record, we had to prompt anyone trying to access the website with a username and password so the hackers could not get back in. I asked if they just couldn’t put up some sort of 404 error or “down for maintenance” and I was told “no.” I apologize because I know being prompted to log in created further confusion for some.
July 16, 2024 @ 5:21 am
A Compaq Presario with Windows NT 3.51 running Apache 1.3.4 with Kaspersky Enterprise in your basement just won’t do any more….
All joking aside, you’re big time now. You need a real ISP, and it may (gasp) require a “big tech” east or west coast firm to do it, Boris and Bubba be damned….
We have enough problems with Country Music (lingering “bro”, elitist Ameicana) etc. and we need a stable base to sort it out….
Best of Luck, Trig
July 16, 2024 @ 8:57 am
…problems with country music these days? you may come out of your panic room, prepper. the pandemic is over and so is florida georgia line. even sturgill got reincarnated somehow. the chiefs won the last super bowl even though travis kelce… – ah, see for yourself.
July 16, 2024 @ 7:40 pm
You miss my point, would help if you read it. More concerned with the stability of the forum and a place to discuss music without tech drama. You have your opinion, I have mine, Oliver.
July 17, 2024 @ 3:09 pm
Compaq Presario was my first laptop. It was one slick machine back in the day, let me tell you.
July 16, 2024 @ 5:53 am
I used to work in IT for decades (now retired). Hackers set up automated scans of ranges of IP addresses, just looking for vulnerabilities. Unfortunately, some configurations of web sites can leave them vulnerable for short periods of time when they are getting reconfigured. It could be a hacker’s script (no doubt, from a “script kiddie”) found the vulnerability at just the right moment.
Personally, I would love to come out of retirement if I could have the job of going around and removing the hackers of the world from the gene pool. 🙂
July 16, 2024 @ 6:35 am
Sounds like the Secret Service was in charge of SCM’s security!
July 16, 2024 @ 7:44 pm
More like Cyber Ninjas….
July 16, 2024 @ 7:15 am
Man, those Sturgill fans must’ve took the comment section on the album review pretty hard.
Keep up the great work, Trig!
July 16, 2024 @ 9:16 am
I was baffled yesterday and glad you are back online. Someone commented they moved to Austin and they enjoy your guidance. I moved away from Austin and I appreciate you keeping me a part of the scene. I hope you are breathing easier today and you are soon through the fog.
July 16, 2024 @ 10:25 am
Whether or not you want to admit it, Trigger, this site is being targeted. The DDoS attack a couple months ago, now this?
I asked you after the DDoS previously if you feel there were any issues with buffer overflow type attacks designed to exploit vulnerabilities and gain access to the site and you said, confidently, “no” in reply. Fine. But I brought it up for this reason.
Get a better host if they can’t handle something like this. I am not sure what your site’s back end consists of or what platform it runs on (apache, (heaven forbid) IIS, etc) but it needs to have more robust security settings enabled. Cloudflare protection can only do so much and it has its issues as well. I knew what the problem was the minute I saw a “please login” prompt when I tried to view the site on Sunday morning.
Whatever these “h4x0rs” are looking to accomplish or have accomplished will be made more apparent to you in the coming days/weeks or even months. They do not send ransom letters unless they have something they can work with.
Take this information as you will and use it as you wish or ignore and deny it altogether. I have absolutely no skin in this game… I simply enjoy your site and your articles and hope for it to be secure (for you and readers alike) and remain online.
I wish you the best going forward and also for a quick ad revenue recovery. Unsure why they want to continue to attack your site and services but let’s hope they stop.
God bless.
July 17, 2024 @ 6:27 am
I think we all know the attack was the mastermind of “Big Country” trying to take out a little guy. Give ’em hell, Trig!