Any of our clients concerned about https://www.drupal.org/PSA-2014-003 should be aware that we had patched all our shared hosting Drupal sites by 7:45pm UTC on 15 October. That is within 3 hours of the announcement and so 4 hours before the time the PSA suggests that attacks started.
