Well I have mod security running in test mode but I am bit daunted by
where to start the audit log is in constant action and I assume most is
legit. Our joomla sites seem to be the problem.
This was one rule 960904 and this 960034 another . But I am not sure if
I could ever enable it for real because there is a shed load more by the
look of it.
I am using the latest mod security rule set. Shame there is not a more
joomla friendly rule set