"It's always the script providers fault" :yawn:... lol
I used to work for a webhost, and had to learn the inner workings of mod_security, then found out a lot of hosts use it, but refuse to work with clients on it...
It's until you start forcing them to look at the mod_security log that they'll start actually making attempts, if they care that is...