Weird MySQL Users Been Created (eg. bug115166_10073) and not by me

Solution 1:

Please remove them right away !!!

Here is why : Anonymous users have access to any database whose first 4 letters are test. You can perform lots of CRUD intensive things in a test database. You may also want to rename the test databases to something completely different. Please read these links because I have addressed this issue before in the DBA StackExchange.

• Cannot drop anonymous user from mysql.user

• Is this a normal set of MySQL privileges?

To confirm the need to do this, please note what MySQL 5.0 Certification Study Guide says on Page 498 Paragraph 6 in its bulletpoints:

On Unix, MySQL comes with a mysql_secure_installation script that can perform several helpful security-related operations on your installation. The script has the following capabilities:

• Set a password for the root accounts
• Remove any remotely accessible root accounts.
• Remove the anonymous user accounts. This improves security because it prevents the possibility of anyone connecting to the MySQL server as root from a remote host. The results is that anyone who wants to connect as root must first be able to log in on the server host, which provides an additional barrier against attack.
• Remove the test database (If you remove the anonymous accounts, you might also want to remove the test database to which they have access).

Solution 2:

Extending from @Pekka's rhetorical question in the comments, check your existing valid users' permissions. You probably have an application account that has the CREATE USER privilege but not GRANT. To prevent this from happening in the future, revoke CREATE USER from all but your administrative accounts.