I built a site using the Spectrum template in April 2015. I have since been doing regular maintenance on this site for the client and have had no issues with it.
But just last week I discovered an issue with a module using the Image and Content Fader. When I try to make any changes and click 'save' I get a '403 Forbidden' error page. In fact, when I simply open the module and then click close, I also get the '403' error page. I have also tried creating a new module using the Image and Content Fader, and likewise get a '403' Error.
I have 14 other existing modules using the Image and Content Fader and they can be modified and saved/closed without getting the 403 error. It is only the one module above (and when trying to create a new one) that I get the error. I can create new modules using other extensions, etc, but not the Image and Content Fader.
I have asked the web host to look into it, as it seemed like it must be a server issue. They have come back with the following:
"The module on Joomla seems to be vulnerable to a X-Changer SQL Injection Vulnerability which ModSecurity has flagged.
Nov 1 05:17:10 httpd [modsecurity] [Tue Nov 1 05:17:10 2016] [error] [client 18.104.22.168] ModSecurity: Access denied with code 403, [Rule: 'ARGS:from|ARGS:into|ARGS:id' '(?
?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\'|union.*select.*from)'] [id "390025"] [msg "Atomicorp.com WAF Rules - Virtual Just In Time Patch: X-Changer SQL Injection Vulnerability"]
As you are on a shared hosting package, at this stage we would recommend disabling this plugin and use an alternative."
I explained that it's not a plugin and that I don't have an alternative to use! And I explained what I have detailed above to you.
Can you shed any light on this?