It's a good time to point out to new server admins that you should restrict access to your server to a limited set of IPs. For many servers, this means localhost only. If you go and open up port 3306 and tell mysql to listen on a public interface, you open up your server to an exploit like this.
The default ubuntu install has mysql listen on localhost only (probably debian too). I'm not sure about windows.
|