The tips on this page can be rated with the fivestar widget. It now happend that more and more entries got a very bad rating. As a result, the list of good rated articles on the front page shortened and became just on entry.
A first thought was a crawler that follows the first (but worst) rating link. But then I found this entry, that shows a similar problem. On executing the statement
select count(vote_source) as votecount, vote_source from votingapi_vote group by vote_source; it showed more than 2,500 ratings from the ip range 220.127.116.11 to 18.104.22.168, which belongs to a Swedish Internet provider. If it was an intentional attack, a havok running script or really a user cannot be read from the database.
As a first action I removed all ratings.
[Update 2011-07-03 15:14] The complete IP address block from ViaEuropa is blocked through .htaccess.