Rebuilding a website following a security breach

Ross Hamilton has been involved in all sorts of web development since the early 90s. He studied Computer Science up to PhD level and continued to work in the field before founding web & software development company SteamDesk. Now a member of C4DI, he is keen to get stuck into our community.

Following a blog post on their website, a client got in touch with Ross and the team at SteamDesk in dire need of help with their website. Developed with Magento, their site had fallen victim to "drive-by hacking", where hackers discover the developers' wireless network from an external location and gain unauthorised access to it, allowing them to pull private data from the website.

SteamDesk were contracted directly by the client's ISP, a York-based company called ha247.co.uk, who had to intervene whenever site security was compromised by technical mistakes made by the previous developer. SteamDesk stepped in to solve the immediate and major technical problems after the previous developer was removed from the project, taking the website offline to try and salvage it. Unfortunately, they couldn't fix the security flaws in the site, so they rebuilt it in a few days, making it responsive for mobiles in the process.

The new mobile website by SteamDesk

Ross expands on how they improved, not just fixed, the website: "While we were at it, we made it mobile-friendly, and put enterprise-quality source control and intrusion detection systems in place, putting the client on a much safer footing going forward... It has been back online for a couple of days now, and early indications are that the tidy new design and much better mobile interface are actually resulting in a significant jump in sales, which will soon more than pay for the downtime and development costs."

It's important to remember that your site may look good and work reasonably well, but that doesn't mean it's completely invulnerable to security flaws. Having your customers' details secure and inaccessible to any type of intrusion is vital, and a step no business should gloss over. Check out the before and after pics of the MyBandageDress website below, and find out more about the work SteamDesk do here.