There are some nice rules that you can find at GotRoot, they are simple drop in files that help enhance mod_security. Of course, you'll want to watch your mod_security audit_log to see that they all are to your liking. For instance, I had to remove a "ultram" HTTP_REFERRER reference from the blacklist.conf file (and you can also) since that blocks intersite clicking on ultramookie.com. Anyways, there are a gazillion rules there, good exploring!