3

Have just been looking at my MySQL user permissions during a security audit and have noticed about 20 MySQL users have been created with random names such as 'bug115166_10073'. They don't have any permissions enabled at all and I'm the only one who moderates the database.

Can anyone think what these might be and where they've come from? Seeing as there are zero permissions assigned to these users I assume they're safe to remove?

EEAA
  • 109,363
  • 18
  • 175
  • 245

2 Answers

9

Please remove them right away!!!

Here is why: Anonymous users have access to any database whose first 4 letters are test. You can perform lots of CRUD intensive things in a test database. You may also want to rename the test databases to something completely different. Please read these links because I have addressed this issue before in the DBA StackExchange.

To confirm the need to do this, please note what the MySQL 5.0 Certification Study Guide says on Page 498, Paragraph 6, in its bullet points:

On Unix, MySQL comes with a mysql_secure_installation script that can perform several helpful security-related operations on your installation. The script has the following capabilities:

  • Set a password for the root accounts.
  • Remove any remotely accessible root accounts.
  • Remove the anonymous user accounts. This improves security because it prevents the possibility of anyone connecting to the MySQL server as root from a remote host. The result is that anyone who wants to connect as root must first be able to log in on the server host, which provides an additional barrier against attack.
  • Remove the test database (if you remove the anonymous accounts, you might also want to remove the test database to which they have access).
RolandoMySQLDBA
  • 16,544
  • 3
  • 48
  • 84
    +1 for teaching me something. Dear god why on earth would they do this? (Rhetorical). – NotMe Sep 28 '11 at 19:49
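As an added example (not part of RolandoMySQLDBA's answer above), the following statements show how to locate the anonymous accounts, the default grant rows that give them access to the test databases, and accounts that hold no privileges at all, and then how to drop them in the way mysql_secure_installation does. Column names are those of the mysql.user and mysql.db grant tables in MySQL 5.x; the host values and the 'bug115166_10073'@'%' account name in the DROP USER lines are placeholders taken from the question, not values known to exist on any server.

```sql
-- Added audit example; not code from the answer above. Run as a MySQL administrative account.

-- 1. Anonymous accounts: an empty User value matches any client username.
SELECT User, Host FROM mysql.user WHERE User = '';

-- 2. The default grant rows that give anonymous users access to `test` and `test_%`.
--    These rows are what make the anonymous accounts dangerous even though
--    they hold no global privileges.
SELECT Host, Db, User FROM mysql.db WHERE User = '' AND Db LIKE 'test%';

-- 3. Accounts with no global privileges and no database-level grants either
--    (the 'bug115166_10073'-style users from the question). Checking mysql.db as
--    well avoids misjudging an account that is empty at the global level only.
SELECT u.User, u.Host
FROM mysql.user AS u
WHERE u.Select_priv = 'N' AND u.Insert_priv = 'N' AND u.Update_priv = 'N'
  AND u.Delete_priv = 'N' AND u.Create_priv = 'N' AND u.Drop_priv   = 'N'
  AND u.Grant_priv  = 'N' AND u.Super_priv  = 'N' AND u.Create_user_priv = 'N'
  AND NOT EXISTS (SELECT 1 FROM mysql.db AS d WHERE d.User = u.User AND d.Host = u.Host);

-- 4. Remove the anonymous accounts, one DROP USER per row returned by query 1.
--    The host values are placeholders: use the Host column actually returned.
DROP USER ''@'localhost';
DROP USER ''@'hostname';

-- 5. Remove one of the stray named accounts (placeholder name from the question).
DROP USER 'bug115166_10073'@'%';

-- 6. Remove the test database and the grant rows that point at it, as
--    mysql_secure_installation does. MySQL has no RENAME DATABASE statement,
--    so "renaming" test means dumping it, recreating it under a new name
--    and then dropping the original.
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db LIKE 'test%';
FLUSH PRIVILEGES;
```

Run the three SELECTs first and keep their output with the audit record; the DROP and DELETE statements are the same actions the study guide lists for mysql_secure_installation, just done explicitly so each removed account is accounted for.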
3

Extending from @Pekka's rhetorical question in the comments, check your existing valid users' permissions. You probably have an application account that has the CREATE USER privilege but not GRANT. To prevent this from happening in the future, revoke CREATE USER from all but your administrative accounts.
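As an added example (not part of the answer above), these statements list every account that can create users, either directly through the CREATE USER privilege or indirectly through INSERT on the mysql grant tables, and then revoke that ability from a non-administrative account. The account name 'app_user'@'localhost' is a placeholder; column names are those of the mysql.user and mysql.db tables in MySQL 5.x.

```sql
-- Added example; not the answer's own code. Run as an administrative account.

-- Accounts holding the global CREATE USER privilege, with GRANT OPTION shown
-- alongside. An application account with Create_user_priv = 'Y' and
-- Grant_priv = 'N' can add accounts but cannot grant them anything, which
-- matches the symptom in the question: unexplained users with no permissions.
SELECT User, Host, Create_user_priv, Grant_priv
FROM mysql.user
WHERE Create_user_priv = 'Y';

-- Accounts that can insert rows into the grant tables directly, which also
-- creates users: either global INSERT, or INSERT scoped to the mysql database.
SELECT User, Host, 'global INSERT' AS how
FROM mysql.user
WHERE Insert_priv = 'Y'
UNION ALL
SELECT User, Host, 'INSERT on mysql.*' AS how
FROM mysql.db
WHERE Db = 'mysql' AND Insert_priv = 'Y';

-- Human-readable view of one account, to confirm before changing anything.
SHOW GRANTS FOR 'app_user'@'localhost';   -- placeholder account name

-- Take CREATE USER away from the application account. An account granted
-- ALL PRIVILEGES holds CREATE USER too, so re-run the first query afterwards
-- to confirm only the administrative accounts remain.
REVOKE CREATE USER ON *.* FROM 'app_user'@'localhost';
```

Any account that appears in the first two queries and is not one of your own administrative logins is a candidate for the REVOKE; the SHOW GRANTS line is there so the change is made against the account's actual grant list rather than a guess.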