# http://www.atomicorp.com/
# Atomicorp (Gotroot.com) ModSecurity rules
# Anti Spam rules
#
# Created by Prometheus Global (http://www.prometheus-group.com)
# Copyright 2005-2009 by Prometheus Global, all rights reserved.
# Redistribution is strictly prohibited in any form, including whole or in part.
# Distribution of this work or derivative of this work in any form is 
# prohibited unless prior written permission is obtained from the 
# copyright holder. 
#
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS 
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 
# THE POSSIBILITY OF SUCH DAMAGE.
#
#--------------------------------
# notes
#--------------------------------
# Rules work with modsecurity 2.x and above only

#--------------------------------
#start rules
#--------------------------------


# Phase 2 rules
# Rule 300000: Blacklist of referer spam hostnames
SecDefaultAction "log,deny,auditlog,phase:2,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace"


SecRule REQUEST_HEADERS:Referer "!@pmFromFile domain-spam-whitelist.conf" "chain,id:300000,rev:3,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Spam Domain detected in Referer'"
SecRule REQUEST_HEADERS:Referer "@pmFromFile domain-blacklist.txt"  

#Rule 30061
##SecRule ARGS "!@pmFromFile domain-spam-whitelist.conf" \
##       "chain,capture,id:300061,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Local Blacklist Spam Domain detected in Referer',logdata:'%{TX.0}'"
##SecRule ARGS|!ARGS:setting[banemail] "@pmFromFile domain-blacklist-local.txt"  \
#

# Rule 300002: Comment Spam
SecRule REQUEST_URI "!(?:/imp/compose\.php|/profile\.php)" \
        "id:300062,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "(?:blow)+[\w\-_.]*(?:jobs?)+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300003: Comment Spam
SecRule REQUEST_URI "!(?:/imp/compose\.php|/profile\.php)" \
        "id:300063,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "(?:gay)+[\w\-_.]*(?:beastiality)+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300004: Comment Spam
SecRule REQUEST_URI "!(?:/imp/compose\.php|/profile\.php)" \
        "id:300064,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "(?:beastilality)+[\w\-_.]*(?:stories)+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300005: Comment Spam
SecRule REQUEST_URI "!(?:/imp/compose\.php|/profile\.php)" \
        "id:300065,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "(?:free)+[\w\-_.]*(?:beastiality)+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300006: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/profile\.php)" \
        "id:300066,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "(?:horse|animal|dog)+[\w\-_.]*(?:porn|cocks|dick|sex|penis|blowj.*)+[\w\-_.]*\.[a-z]{2,}" 

# FP level is high, turn on only if you need too
# Rule 300007: 
#SecRule REQUEST_URI "!(?:/imp/compose\.php|/profile\.php|/product_info\.php)" \
#        "id:300067,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Buy Online',chain"
#SecRule REQUEST_HEADERS:Referer "(?:buy)+[\w\-_.]*online[\w\-_.]*\.[a-z]{2,}" 

# Rule 300008: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/profile\.php)" \
        "id:300068,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy/Adult',chain"
SecRule REQUEST_HEADERS:Referer "(?:diet|penis)+[\w\-_.]*(?:pills|enlargement)[\w\-_.]*\.[a-z]{2,}" 

# Rule 300009: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/profile\.php)" \
        "id:300069,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy/Adult',chain"
SecRule REQUEST_HEADERS:Referer "(?:enlarg|enhanc).*(male|penis|natural).*\.[a-z]{2,}" 

# Rule 300060: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/profile\.php)" \
        "id:300070,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy/Adult',chain"
SecRule REQUEST_HEADERS:Referer "(?:enlarg|enhanc).*(?:male|penis|natural)\.[a-z]{2,}" 

# Rule 300061: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/product_info\.php)" \
        "id:300071,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "(?:online)+[\w\-_.]*pharmacy" 

# Rule 300062: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300072,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: General',chain"
SecRule REQUEST_HEADERS:Referer "(?:i|la)-sonneries?[\w\-_.]*\.[a-z]{2,}" 

# Rule 300063: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300073,rev:3,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "(?:silagra|morphine|ritalin|levitra|lolita|carisoprodol|phentermine|amitriptyline|diethylpropion|viagra|lisinopril|vig-?rx|zyban|valtex|xenical|adipex)+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300064: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300074,rev:4,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "!(?:/imp/login\.php)" chain
SecRule REQUEST_HEADERS:Referer "(?:ephedrine|neurontin|glucosamine|testosterone|cialis!t|lipitor|effexor|propecia|celebrex|gluclosamine|lexapro|ephedra|levitra)+[\w\-_.]*\.[a-z]{2,}" \

# Rule 300065: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300075,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: General',chain"
SecRule REQUEST_HEADERS:Referer "(?:magazine)+[\w\-_.]*(?:finder|netfirms)+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300066: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300076,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "(?:male|penis)enlarg*\.(?:biz|com|net|org|us|info)" 

# Rule 300067: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/administrator/index2.php)" \
        "id:300077,rev:3,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Male Enhancement',chain"
SecRule REQUEST_HEADERS:Referer "male.*(?:enlarg|enhanc)" 

# Rule 300068: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300078,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: General',chain"
SecRule REQUEST_HEADERS:Referer "(mike)+[\w\-_.]*apartment[\w\-_.]*\.[a-z]{2,}" 

# Rule 300069: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300079,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "(?:milf)+[\w\-_.]*(?:hunter|moms|fucking|lessons)[\w\-_.]*\.[a-z]{2,}" 

# Rule 300080: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300080,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "(?:natural|penis|male) en(?:large|hance)"

# Rule 300081: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300081,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Pharmacy: Adult',chain"
SecRule REQUEST_HEADERS:Referer "(?:natural|penis|male)+[\w\-_.]*(?:enlarg.*|enhanc.*)" 

# Rule 300082: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300082,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy/Gambling',chain"
SecRule REQUEST_HEADERS:Referer "(?:online)+[\w\-_.]*(?:prescription|casino|roulette|slot)+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300083: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300083,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gambling',chain"
SecRule REQUEST_HEADERS:Referer "[\w\-_.]*(?:casino|roulette)\.[a-z]{2,}" 

# Rule 300084: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/admin/write\.php|/administrator/index2.php|/js/lib\.js)" \
        "id:300084,rev:3,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gambling',chain"
SecRule REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Referer:retpage "[\w\-_.]*(?:casino|roulette).*\.[a-z]{2,}" 

# Rule 300085: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/admin/write\.php|/administrator/index2.php)" \
        "id:300085,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gambling',chain"
SecRule REQUEST_HEADERS:Referer "(?:slot)+[\w\-_.]*machines\.[a-z]{2,}" 

# Rule 300086: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300086,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "(?:prozac|zoloft|xanax|valium|hydrocodone|vicodin|paxil!l|vioxx)+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300087: 
SecRule REQUEST_URI "!(/imp/compose\.php|/index\.php\?file=Admin&page=setting&op=save_config)" \
        "id:300087,rev:3,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Referer:footmessage "(?:ragazze)-?\w+\.[a-z]{2,}" 

# Rule 300088: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/admin/write\.php)" \
        "id:300088,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gambling',chain"
SecRule REQUEST_HEADERS:Referer "(?:texas)+[\w\-_.]*holdem" 

# Rule 300089: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300089,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "(?:phentermine)+[\w\-_.]*online" 

# Rule 300090: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/admin/write\.php)" \
        "id:300090,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gambling',chain"
SecRule REQUEST_HEADERS:Referer "(?:texas)+[\w\-_.]*hold[\w\-_.].*em" 

# Rule 300091: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/admin/write\.php)" \
        "id:300091,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gambling',chain"
SecRule REQUEST_HEADERS:Referer "texas[\w\-_.]hold[\w\-_.]em" 

# Rule 300092: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/admin/write\.php)" \
        "id:300092,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gambling',chain"
SecRule REQUEST_HEADERS:Referer "pacific+[\w\-_.]*poke.*\.[a-z]{2,}" 

# Rule 300093: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/admin/write\.php|/wp-admin/(?:admin-ajax|page)\.php)" \
        "id:300093,rev:4,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gambling',chain"
SecRule REQUEST_HEADERS:Referer "poker+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300094: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/admin/write\.php|/wp-admin/(?:admin-ajax|page)\.php)" \
        "id:300094,rev:4,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gambling',chain"
SecRule REQUEST_HEADERS:Referer "[\w\-_.]*poker\.[a-z]{2,}"

# Rule 300095: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/admin/write\.php|/wp-admin/(?:admin-ajax|page)\.php)" \
        "id:300095,rev:5,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gambling',chain"
SecRule REQUEST_HEADERS:Referer "[\w\-_.]*poker.*\.[a-z]{2,}" 

# Rule 300096: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/admin/write\.php|/wp-admin/(?:admin-ajax|page)\.php)" \
        "id:300096,rev:4,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gambling',chain"
SecRule REQUEST_HEADERS:Referer "poker.*\.[a-z]{2,}" 

# Rule 300097: 
SecRule REQUEST_URI "!(?:/imp/compose\.php|/admin/write\.php|/wp-admin/admin-ajax\.php)" \
        "id:300097,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gambling',chain"
SecRule REQUEST_HEADERS:Referer "(?:random|free|internet)+[\w\-_.]*slots\.[a-z]{2,}" 

# Rule 300098: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300098,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "(?:wellbutrin|tenuate|tramadol|pheromones|phendimetrazine|ionamin|ortho.?tricyclen|retin.?a\b)+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300099: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300099,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "ultram\.[a-z]{2,}" 

# Rule 300100: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300100,rev:3,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "(?:celexa|valtrex|zyrtec| hgh |ambien |flonase|allegra|didrex|bontril|nexium)+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300101: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300101,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "(?:[\w\-_.]+\.)?(?:l(?:so|os)tr)\.[a-z]{2,}" 

# Rule 300102: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300102,rev:2,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "(?:lose[\w\-_.]*weight|weight[\w\-_.]*loss)[.a-z0-9]+\.[a-z]{2,}" 

# Rule 300103: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300103,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "(?:prices|pills|buy|diet*|medic(?:ine|ation|al)|dru.*)\.pharma.*\.[a-z]{2,}" 

# Rule 300104: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300104,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "[0-9a-z_.\-]*(?:bulkcrawler|sysco[mn]-[a-z0-9]+|jagk|kloony|azgirlcam)\.[a-z]{2,}" 

# Rule 300105: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300105,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "[0-9a-z_.\-]*(?:camfun24|jardimed|kylos(?:net)?|istarthere|roxtet|freshgirls)\.[a-z]{2,}" 

# Rule 300106: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300106,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "[0-9a-z_.\-]*(?:dailyorbit|insurancequoteweb|i-horny|livenet|filthserver)\.[a-z]{2,}" 

# Rule 300107: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300107,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "[0-9a-z_.\-]*(?:formula42|ilya|9sekund|find-it-buy-it|xopy|bukakke)\.[a-z]{2,}" 

# Rule 300108: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300108,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "[0-9a-z_.\-]*fortunecity\.[a-z.]+\.[a-z]{2,}" 

# Rule 300109: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300109,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Gemeral',chain"
SecRule REQUEST_HEADERS:Referer "[0-9a-z_.\-]*(?:notlong|isacommie|musicbox[0-9]|miccel|rooody|rowdd|colkk)\.[a-z]{2,}" 

# Rule 300110: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300110,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "[0-9a-z_.\-]*(?:nullnix|plongs|pimrim|ewilla|startseek|ponagansetpost)\.[a-z]{2,}" 

# Rule 300111: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300111,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: General',chain"
SecRule REQUEST_HEADERS:Referer "[0-9a-z_.\-]*(?:sysrem[0-9]+|lemonrider[0-9]*|exitq|defunctportal|andrewsaluk)\.[a-z]{2,}" 

# Rule 300112: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300112,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_URI "href.*http.*\{@\DOMAIN}\.*\{\@URL\}.*\{\@ANCHOR\}" 

# Rule 300113: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300113,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Drugs',chain"
SecRule REQUEST_HEADERS:Referer "online-phentermine" 

# Rule 300114: Comment Spam
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300114,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "(?:hannigan|bynes|alicia[\w\-_.]silverstone)+[\w\-_.]*(?:nude|nudies)+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300115: Comment Spam
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300115,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "(?:hannigan|bynes|alicia[\w\-_.]silverstone)+[\w\-_.]*(?:nude|nudies|american[\w\-_.]pie)+[\w\-_.]*(?:pictures)+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300118: Comment Spam
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300116,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Adult',chain"
SecRule REQUEST_HEADERS:Referer "backseatbangers+[\w\-_.]*\.[a-z]{2,}" 

# Rule 300116: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300117,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Male Enhacement',chain"
SecRule REQUEST_HEADERS:Referer "penis.*(?:enlarg|enhanc|natural|pill|surgery|traction)" 

# Rule 300117: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300118,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Referer:toemail|!REQUEST_HEADERS:Referer:fromemail "[\w\-_.]meridia[\w\-_.]*\.[a-z]{2,}" 

# Rule 300117: 
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300119,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "Buy[-_]Cheap[-_](?:Adipex|Suboxone|Pseudovent|Yasmin|Topamax|Trazodone|Prevacid|Zyrtec|Soma|Plan|Xenical|Toprol|Zoloft|Synthroid|Valtrex|Wellbutrin|Valium|Protonix|Yaz|Vytorin|Ritalin|Zocor|Seroquel|Ultracet|Plavix|Voltaren|Zyprexa|Xanax|Vicodin|Penicillin|Potassium|Tramadol|Provigil|Prednisone|Vioxx|Zithromax|Strattera|Testosterone|Ultram|Prozac|Viagra|Propecia|Levitra|Phentermine|Cialis|Fioricet|Ephedra|Ambien)" 

# Rule 300117: 
# stacked spam rule - levitra-levitra-levitra or leviTrA retila_prosac etc.
SecRule REQUEST_URI "!(?:/imp/compose\.php)" \
        "id:300120,rev:1,severity:2,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Referrer Spam: Pharmacy',chain"
SecRule REQUEST_HEADERS:Referer "((?:Adipex|Suboxone|Pseudovent|Yasmin|Topamax|Trazodone|Prevacid|Zyrtec|Soma|Plan|Xenical|Toprol|Zoloft|Synthroid|Valtrex|Wellbutrin|Valium|Protonix|Yaz|Vytorin|Ritalin|Zocor|Seroquel|Ultracet|Plavix|Voltaren|Zyprexa|Xanax|Vicodin|Penicillin|Potassium|Tramadol|Provigil|Prednisone|Vioxx|Zithromax|Strattera|Testosterone|Ultram|Prozac|Viagra|Propecia|Levitra|Phentermine|Cialis|Fioricet|Ephedra|Ambien)[-_\. ]){,3}" 

<LocationMatch /cerberus-gui/parser.php>
  SecRuleRemoveById 300080
</LocationMatch>

<LocationMatch /wp-admin/options\.php>
  SecRuleRemoveById 300002
  SecRuleRemoveById 300003
  SecRuleRemoveById 300004
  SecRuleRemoveById 300005
  SecRuleRemoveById 300006
  SecRuleRemoveById 300007
  SecRuleRemoveById 300008
  SecRuleRemoveById 300009
  SecRuleRemoveById 300060
  SecRuleRemoveById 300061
  SecRuleRemoveById 300062
  SecRuleRemoveById 300063
  SecRuleRemoveById 300064
  SecRuleRemoveById 300065
  SecRuleRemoveById 300066
  SecRuleRemoveById 300067
  SecRuleRemoveById 300068
  SecRuleRemoveById 300069
  SecRuleRemoveById 300081
  SecRuleRemoveById 300082
  SecRuleRemoveById 300083
  SecRuleRemoveById 300084
  SecRuleRemoveById 300085
  SecRuleRemoveById 300086
  SecRuleRemoveById 300087
  SecRuleRemoveById 300088
  SecRuleRemoveById 300089
  SecRuleRemoveById 300090
  SecRuleRemoveById 300091
  SecRuleRemoveById 300092
  SecRuleRemoveById 300093
  SecRuleRemoveById 300094
  SecRuleRemoveById 300095
  SecRuleRemoveById 300096
  SecRuleRemoveById 300097
  SecRuleRemoveById 300098
  SecRuleRemoveById 300099
  SecRuleRemoveById 300100
  SecRuleRemoveById 300101
  SecRuleRemoveById 300102
  SecRuleRemoveById 300103
  SecRuleRemoveById 300104
  SecRuleRemoveById 300105
  SecRuleRemoveById 300106
  SecRuleRemoveById 300107
  SecRuleRemoveById 300108
  SecRuleRemoveById 300109
  SecRuleRemoveById 300110
  SecRuleRemoveById 300111
  SecRuleRemoveById 300112
  SecRuleRemoveById 300113
  SecRuleRemoveById 300114
  SecRuleRemoveById 300115
  SecRuleRemoveById 300116
  SecRuleRemoveById 300117
  SecRuleRemoveById 300118
  SecRuleRemoveById 300119
  SecRuleRemoveById 300120
</LocationMatch>