I've been using Aardvark Topsites PHP on my website for some time now, and have approx 400 members.
It appears that on March 2nd, something very strange happened. A group of about 10 sites received a large number of incoming unique hits, way more than could be a coincidence. One guy went from 1 unique on Mar 1, to 52 on Mar 2nd, and back down to 12 on Mar 3. ( http://blogs.tomstopsites.com/index.php?a=stats&u=185
). Most of the effected blogs had about 50 more unique hits that normal, but just for that one day.
Interestingly enough, according to the Apache webserver log, there actually *were* about 50 incoming hits that day for each of those blogs. But here's the strange part: They're all from very similar IPs. They all resolve to: "ppp-[ip address here].toldoh.ameritech.net".
More analysis of the log file shows that whatever tool (or person) was doing this basically would go through the list of 10 or so sites he had choosen, vote for each of them from a new unique IP, wait a while, then repeat. The time stamps repeatedly show a 2 second delay between loading the "button.php" graphic, and opening the "in.php?u=" page, which shows to me that it's not a human but a script.
I'm not entirely sure what the point of posting this is, other than to let people know that there is probably a cheating script out there. I don't know if there's really any way for Aardvark to block this kind of cheating, but if there is, it would be much appreciated.