It looks like Bluehost may have mod_security pattern match the URL to look for "http" and "https" in the URL's
query string.
UBB.threads currently uses urlencode(
get_current_url()) and appends it to the LOGIN link, so that a user will be taken back to the previous page (Originating Current URL) when they successfully log in.
This is an example of what Bluehost may be pattern matching for:
Pattern match "(?:;|/|\\\\|
)(?:\\\\b(?:cat|ls|perl|uname|pwd|cp|kill|tclsh8?|cpp|f(?:etch|tp)|http|https|python|chown|rm|kill|ping|rsync|r
diff-backup|scp|wget|curl|links|g\\\\+\\\\+|ch(?:grp|own)|passwd|r?(?:b|d)ash|t?c?sh|telnet|clang|nc)
\\\\b
|\\\\bsleep\\\\b [0-9])"
Request that they remove "http" and "https" from your mod_security patern match. Meanwhile, I'll look at passing the OCU data through to the login page in a different manor for an upcoming version of UBB.threads.