I used the default permissions
folders 755
files 644
Since I already knew they don't support 777
I can confirm. On Bluehost, setting file attributes to 666 or 777 on php files will give an error. They wont execute.
---
From im / pm with gizmo -
Bluehost's rules are hitting something on the page Ruben is requesting
their hints say what the log contained that matched i guess
cookie setting is an odd thing to match
iirc they're regular text strings it matches
so if there was a post containing "html access", it'd throw a mod security error
or if say a page in the control panel included that string