First of all, it is a good thing this URL is blocked because it's an attempt at SQL injection. Even if this Admin Tools feature (Suspicious URL Parameter) had not caught it, the SQLiShield feature would have caught it.
That said, I will give you two parts in my reply regarding the emails.
First and foremost, why did you get multiple emails. If you look at the timing of the requests, they all came within a few seconds. They are being processed in parallel. Since PHP is a strictly stateless language there is no (reliable) way for different processes to tell each other "gee, we're all blocking the same IP address". Therefore, each one of these processes does its own block and sends its own email. At some point this information is committed to the database, and the database makes it available for reading, therefore that IP gets auto-blocked and subsequent requests from that IP address are discarded silently. This is normal. It's how your web server works. Anything else would make your site deathly slow.
The second part is that you should not have set up a production site to send emails about blocked requests. This feature is meant as a troubleshooting aid in exactly two cases: 1. when first setting up Admin Tools, since you're very likely to encounter lots of false positives; and 2. when troubleshooting something you can't otherwise reproduce. During normal, stable, production operation of a site you should disable emails on blocked requests by removing your email address from Admin Tools' configuration. This makes Admin Tools' performance much better. It will block this kind of malicious request storm even faster.
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
