That’s a rough one, alright. You’d think they would quickly realize you are adequately “patched” and that Mambo/Joomla! exploit is not gonna work on your site, and then move on.
I suppose if they are all coming from the same IP address, or from just a few addresses, you could block the IP’s via .htaccess. Other than that I don’t know what to suggest. I’ve beem pretty lucky in that the few attempts of this nature that my sites have been exposed to were in shorts burst of activity, that then went away.
A look at whois for the site serving the exploit code show a couple of opportunities to screw with the guy - he is hosted by a California based Web host, and uses a gmail account. I think it quite likely that your error logs could get him booted for TOS/AUP abuse in each of those environments, if you want to go after him .