#Joomla com_jce exploit SecRule HTTP_User-Agent "BOT for JCE" "deny,status:500,id:5000218,msg:'Joomla com_jce code exec'" #Joomla com_jce exploit SecRule REQUEST_URI "/images/stories/.+\.php" "deny,status:500,id:5000219,msg:'Joomla com_jce code exec'"
The first blocks the user agent. That exploit puts PHP files into site.com/images/stories/something.php if it is successful, so the 2nd rule blocks access to those in case they change user agent.
Even with the .htaccess or this first rule, you should still use the 2nd rule. Changing user agents is very simple.