After monitoring the comments that Akismet blocked very carefully, I can report that I’ve had no false positives for nearly a week. I’m not quite sure what changed to fix things.
With a dynamic system like Akismet, things will change over time. That is the nature of the beast. I don’t know whether Matt and the crew tweaked something, or whether a concerted poisoning attempt stopped being effective, but I’m glad I can start trusting it again.
I suspect it was the former because the change back was very dramatic, though I’m sure Automattic would not want to admit to it.
In the meantime, at around one this morning, my server went down, or rather my blog stopped working. After a quick investigation, I determined that the database server was complaining of too many connections. I checked and there were a large number of httpd processes running. Presumably each, or most had a database connection open. Static files were being served ok, but anything involving the database was failing.
I restarted the Apache and that seemed to cure it. I started checking through log files to see if I could determine the culprit, but found nothing suspicious. Fifteen minutes later the site was down again. I then spent the next two hours monitoring the situation. A quick script allowed me to watch the process count:
ps -ef | grep httpd | wc -l
It was growing quite rapidly from an initial 16 to over 100, though the site would start failing at about 80. In the end I gave up when the process count stayed stable for 20 minutes. Though when I checked after a few hours sleep, it had gone down again and was down for over 5 hours. I’m presuming it was an attack of some kind.
It has since gone down again, but the growth in number of processes seems to take a much longer time. I didn’t find anything obvious in the logs that I checked, but maybe it is one of the lesser sites which is being attacked. I will continue to investigate…