#Joomla com_jce exploit
SecRule HTTP_User-Agent "BOT for JCE" "deny,status:500,id:5000218,msg:'Joomla com_jce code exec'"

#Joomla com_jce exploit
SecRule REQUEST_URI "/images/stories/.+\.php" "deny,status:500,id:5000219,msg:'Joomla com_jce code exec'"

The first blocks the user agent. That exploit puts PHP files into if it is successful, so the 2nd rule blocks access to those in case they change user agent.

Even with the .htaccess or this first rule, you should still use the 2nd rule. Changing user agents is very simple.


Outra sugestão: