I am managing a bunch of shared hosting servers and I still find clients of this company are installing older version of Mambo. This ModSecurity Rule is essential when you are dealing with a server where clients can install anything they want.
This goes in modsecurity_crs_15_custom.conf also
SecRule ARGS_NAMES “mosConfig_absolute_path” “deny,log,auditlog,redirect:http://www.google.co.uk”
I redirect to http://www.google.co.uk but have also been know to redirect to http://127.0.0.1