Modsecurity ACL rules to stop spam

I was receiving a lot bounces at the Exim queue caused by spam posted in contact forms. So I setup this rule at /etc/httpd/conf/modsec.user.conf (also works for post made in guestbooks or forums)

All post containing the specified words will be refused with a 406 error.

In this case we block viagra, pharmacy, mortgage, loan, Anatrim, casino, etc words.

SecFilter "(viagra|pharmacy|phentermine|symbol|mortgage|pills|prozac|xanax|loan|
loans|roulette|casino|poker|blackjack|watches|valium|tramadol|carisoprodol|morta
ge|Anatrim|FINANZINVESTOREN)"
SecFilterSelective HTTP_REFERER "(viagra|pharmacy|phentermine|symbol|mortgage|pi
lls|prozac|xanax|loan|loans|roulette|casino|poker|blackjack|watches|valium|trama
dol|carisoprodol|mortage|Anatrim|FINANZINVESTOREN)"
SecFilterSelective POST_PAYLOAD "(viagra|pharmacy|phentermine|symbol|mortgage|pi
lls|prozac|xanax|loan|loans|roulette|casino|poker|blackjack|watches|valium|trama
dol|carisoprodol|mortage|Anatrim|FINANZINVESTOREN)"
SecFilterSelective HTTP_REFERER|ARGS "(natural|penis|male).*(enlarg.*|enhanc.*)"

If anyone has more words or spam that are received frequently please post it here to help others.
We could make a list and I can update the post with them.

Thank you.

BsAs Ninja

 

Anyways I dont have clients running gambling, drugs, sex sites (cause i dont accept them)
and if that was the case I just disable the rules for that specific domain.

Here is a link with some handy rules to stop this types of referrer spam http://www.ilovejackdaniels.com/apache/block-referrer-spam/