how to stop attacks from images or <img> tags

Question

Lets consider i have a domain named www.example.com/index.php. Some people are attacking my website by calling it using millions of image tags, like

<img src='www.example.com/index.php' >

<img src='www.example.com/index.php' >

<img src='www.example.com/index.php' >
 so on
</body>
</html>

This activity sending me too much spam traffic and my server is getting down. iam unable to stop/filter those requests, Please let me know what kind of attack it is and how to prevent it?

i have tried to stop the requests which consist image/png, image/jpg in ACCEPT request headers. it worked for latest versions of browsers.But the lower versions of IE is not supporting for the ACCEPT parameter properly, it always sending / in ACCEPT requests headers.

Answer 1

If there are just small amount of source pages containing this kind of attack, you can block them by referer.

Answer 2

Yes Srihari,
You can do something with cross origin policies. As per my guess, You dont need to allow other domains to access your content but just want to share your links with them.

Try something like this:

if(requested_domain != "yourdomain") {
     block();    
}

Because, content loading is csrf attack and this is a best way of blocking it.

If you want to provide access to other_domains to load your content through iframe #notImgSrc, you can do something like this:

if(requested_domain != "yourdomain") {
     if(requested_media != iframe){
          block();    
     }
}