Okay
My hosting provider has located the following in their logs.
[Fri Jan 23 06:26:48 2015] [error] [client 61.19.190.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS_NAMES:USER_PASSWORD. [file "/var/cpanel/cwaf/rules/cwaf_02.conf"] [line "289"] [id "211540"] [msg "COMODO WAF: Blind SQL Injection Attack"] [data "Matched Data: USER_PASSWORD found within ARGS_NAMES:USER_PASSWORD: USER_PASSWORD"] [severity "CRITICAL"] [hostname "www.hcmaces.com"] [uri "/forums/ubbthreads7/ubbthreads.php"] [unique_id "VMHpqLISdT0ABajgBVEAAAAA"]
So this looks like their setup of Mod Security is treating the new user registration POST as a SQL Injection attack.
I'm on a shared (cloud) host, so any changes to mod security would not just affect my server so there could be some reluctance on their part to modify the settings.
I guess there is no way to modify the POST call in the new user registration module to either send the data as an encrypted stream, or to configure ubbthreads to run under https?
