Hi, if anyone is running Joomla or Mambo, this rule stops most if not all attacks against Mambo and Joomla. As far as I know, Joomla and Mambo do not use this request in any URL, so I have added it to my modsec rules, and it gets all of the attacks against my server, about 300 a day, from compromised scripts:
SecFilter "mosConfig_"
Hope this helps.
swampy
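
An added example, not part of the original post: a Python script that checks an Apache access log for requests containing the string from the rule above, counts them per client, and lists any that were not denied. The log format, the 403 deny status and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache common/combined log format: client ... "METHOD URI PROTO" STATUS
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')
MARKER = "mosconfig_"   # the string from the rule, lower-cased
BLOCK_STATUS = 403      # assumption: the filter's deny action returns 403

# Constructed sample lines (documentation IP ranges, placeholder parameters).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /index.php?mosConfig_example=placeholder HTTP/1.1" 403 210',
    '192.0.2.10 - - [01/Jan/2007:10:00:05 +0000] "GET /index.php?mosConfig%5Fexample=placeholder HTTP/1.1" 403 210',
    '198.51.100.7 - - [01/Jan/2007:10:01:00 +0000] "GET /index.php?mosConfig_example=placeholder HTTP/1.0" 200 5120',
    '203.0.113.5 - - [01/Jan/2007:10:02:00 +0000] "GET /index.php?option=com_content&id=1 HTTP/1.1" 200 8000',
]

def decode(uri, rounds=3):
    """URL-decode until stable so percent-encoded forms are also counted."""
    for _ in range(rounds):
        decoded = unquote_plus(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def find_hits(lines):
    """Return (client, uri, status) for requests whose URI contains the marker."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        # Case-insensitive on purpose: over-report rather than miss.
        if m and MARKER in decode(m.group(3)).lower():
            hits.append((m.group(1), m.group(3), int(m.group(4))))
    return hits

def summarize(hits):
    """Count hits per client and list the ones that were not denied."""
    per_client = Counter(client for client, _, _ in hits)
    not_blocked = [h for h in hits if h[2] != BLOCK_STATUS]
    return per_client, not_blocked

if __name__ == "__main__":
    per_client, not_blocked = summarize(find_hits(SAMPLE))
    for client, count in per_client.most_common():
        print(f"{client}\t{count}")
    for client, uri, status in not_blocked:
        print(f"NOT BLOCKED ({status}): {client} {uri}")
```

The access log records only the request line, so anything sent in a POST body is not visible to this check.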