
I have seen the notices requesting that we install these updates on Magento, and I have seen questions here on how to do so and the difficulty some have had in doing so.

However, I'm still unclear as to why I should do so and what will happen if I don't.

Also (I'm quite new to Magento), these updates take a couple of hours to implement; how often do they come along?

Many thanks, Ed

Deadmonger
    http://magento.stackexchange.com/questions/63858/critical-reminder-download-and-install-magento-security-patches-ftp-with-no-s ....... that prevent an attacker from remotely executing code on Magento software. – zhartaunik Apr 27 '15 at 11:26
  • Because bad things will happen. 5344 effectively bypasses login authentication in the back end. – Fiasco Labs Apr 28 '15 at 00:34

2 Answers


The 5344 security patch fills a hole that allows for total bypass of authentication to get into your Magento website Admin backend.

http://magento.com/security-patch

At the top of the page is a fill-out form, the ShopLift detector.

At the bottom of the page are instructions on how to use their check API to test. It basically connects to your website and uses the same hole the hackers will be exploiting soon.

Check your server access logs for the following requests:

POST /index.php/admin/Cms_Wysiwyg/directive/index/
Fiasco Labs

Also, change your admin url.

And it is a good thing to add the Watchlog module and block some IPs in .htaccess:

############################################
## By default allow all access

Order allow,deny
Deny from 93.115.83.243
Deny from 95.110.207.164
Deny from 104.219.248.145
Deny from 108.61.122.9
Deny from 108.61.123.80
Allow from all

Those IPs are the ones currently brute-forcing my store...

Watchlog extension: http://www.magentocommerce.com/magento-connect/watchlog.html

  • Afternote from the future: Changing your admin URL until you apply SUPEE-6788 does nothing useful as an attacker can bypass the stock /admin/ or your changed admin URL to get an admin login page. After SUPEE-6788, your non-stock admin url helps keep out script kiddies if you're not able to add an IP access whitelist to severely limit admin backend access. – Fiasco Labs Nov 01 '15 at 20:03
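Both answers above come down to reading the web server's access log: the first says to look for POSTs to the Cms_Wysiwyg directive path, the second builds a .htaccess deny list from the IPs hammering the admin login. The script below is an added example written for this page (it is not code from either answerer, from Magento, or from the Watchlog extension) that does both over a handful of constructed Apache combined-format log lines. The log lines are made up, the addresses are from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24 rather than the IPs listed in the answer, and the admin path `/index.php/admin/` and the threshold of more than three POSTs are assumptions; a real store would read its own log file and choose its own admin URL and threshold.

```python
import re
from collections import Counter

# Constructed sample of Apache combined-format access-log lines (not real traffic).
# 203.0.113.x / 198.51.100.x are documentation ranges, chosen for this example only.
SAMPLE_LOG = """\
203.0.113.10 - - [27/Apr/2015:10:01:12 +0000] "GET /index.php/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Apr/2015:10:02:01 +0000] "POST /index.php/admin/Cms_Wysiwyg/directive/index/ HTTP/1.1" 200 312 "-" "python-requests/2.5.1"
198.51.100.7 - - [27/Apr/2015:10:02:02 +0000] "GET /index.php/admin/ HTTP/1.1" 200 2210 "-" "python-requests/2.5.1"
203.0.113.22 - - [27/Apr/2015:10:03:15 +0000] "POST /index.php/admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.22 - - [27/Apr/2015:10:03:16 +0000] "POST /index.php/admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.22 - - [27/Apr/2015:10:03:17 +0000] "POST /index.php/admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.22 - - [27/Apr/2015:10:03:18 +0000] "POST /index.php/admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.22 - - [27/Apr/2015:10:03:19 +0000] "POST /index.php/admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [27/Apr/2015:10:04:00 +0000] "POST /index.php/admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line (method + path) and status from one log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# The request the first answer says to look for (the hole SUPEE-5344 closes).
PROBE_PATH = "/index.php/admin/Cms_Wysiwyg/directive/index/"


def parse_log(text):
    """Yield (ip, method, path, status) for every line the regex understands."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group("ip"), m.group("method"), m.group("path"), int(m.group("status"))


def find_probe_requests(text):
    """IPs that POSTed to the Cms_Wysiwyg directive path, with or without trailing slash."""
    return sorted({ip for ip, method, path, _ in parse_log(text)
                   if method == "POST" and path.rstrip("/") == PROBE_PATH.rstrip("/")})


def brute_force_ips(text, admin_path="/index.php/admin/", threshold=3):
    """IPs with more than `threshold` POSTs to the admin login URL.
    admin_path and threshold are assumptions for this example, not Magento defaults."""
    counts = Counter(ip for ip, method, path, _ in parse_log(text)
                     if method == "POST" and path == admin_path)
    return sorted(ip for ip, n in counts.items() if n > threshold)


def htaccess_deny_block(ips):
    """Render the .htaccess fragment from the second answer for the given IPs.
    With 'Order allow,deny' Apache evaluates Allow rules first and Deny rules second,
    so 'Allow from all' admits everyone except the listed addresses."""
    lines = ["Order allow,deny"]
    lines += ["Deny from %s" % ip for ip in ips]
    lines.append("Allow from all")
    return "\n".join(lines)


if __name__ == "__main__":
    print("Cms_Wysiwyg probe requests from:", find_probe_requests(SAMPLE_LOG))
    attackers = brute_force_ips(SAMPLE_LOG)
    print("Brute-forcing the admin login:", attackers)
    print(htaccess_deny_block(attackers))
```

Run it against the constructed sample and it reports 198.51.100.7 as the probe source and 203.0.113.22 as the brute-forcer, then prints a deny block for the latter. A single probe hit is enough to treat the site as targeted, which is why `find_probe_requests` has no threshold; the brute-force count does have one, because a legitimate admin mistyping a password also produces a few POSTs to the login URL.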