I was approached by a server admin after installing Wordpress MU on a dedicated server. I was questioned with this, "When Wordpress MU installs, does it install a (test) database on the server?"
Is this possible?
Or is this some security vulnerability on their end? Apparently, something installed a (test) database on all of his databases.
Some quick google'ing shows a couple of discussions of folks seeing this and folks pointing at this:
http://dev.mysql.com/doc/mysqltest/en/
Please note the date of the docs.
I haven't seen this.
Turns out, it's a bot running wild on his server ignoring his directives and has nothing to do with the Wordpress install.
It sounds a bit worrying that something can go rampaging round his server creating new databases with impunity - who knows what else it might have done. I'd ask for your passwords to be changed and possibly recommend your users change their WPMU passwords too.
Nope, like I said, it had nothing to do with my account at all and everything to do with a module he installed relating to RSS.
Because no-one has installed Wordpress on his dedicated t3 server, the common misconception of wordpress's insecurity and vulnerabilities from the past reared it's ugly head and I was the brunt of accusation. He insisted my Wordpress install had messed with the integrity of his server.
He uses OS-Commerce which (in my opinion) has it's own set of vulnerabilities nearly equal to Wordpress.