This morning someone signed up a splog, but there isn't a user account with it. The user and email fields are blank. I checked the database and have the IP address of the user, but there isn't a name or email address anywhere.
I checked my logs and can see where the person used an external form to create the account which I'm assuming is a hack into the WPMU system. They didn't even have to activate it. I have the url of the form that was used.
I'm not familiar with the trac system, and don't know if I should post the specifics (url to hack form) there since it is probably sensitive information that should not be viewed by the general public. Is there someone I should email with this info?