I use the redirection plugin, and to block this sort of stuff I just use a REGEX and redirect them all through an ALEXA redirect to my home page.

Most of them won’t follow the redirect, but it does block them.

.*php\?(page|j|o|r|file|sub|.*?)=(http|ftp).*