my spip sites 403 forbidden at OVH - What to do ?

Dear Spip folks:

I host some spip sites at ovh.com and they have suddenly been 403
forbidden (and access disabled)

since there was a notice up announcing "We are currently updating
Apache from version 2.2 to version 2.4. This update may affect the
configuration of your .htaccess file." i believed it had to do with
Apache updating. But i have been told by the support people that this
is due to a possible hacking attempt . I wonder what i can do. Please
suggest course of action. To fix the problem

posted below is an extract from: the error logs:

[Sat Sep 16 00:01:29 2017] [error] [client 213.251.182.103]
ModSecurity: Access denied with code 403 (phase 2). Operator EQ
matched 0 at REQUEST_HEADERS. [file
"/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"]
[line "65"] [id "960009"] [rev "2.1.1"] [msg "Request Missing a User
Agent Header"] [severity "NOTICE"] [tag
"PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag
"OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "siawi.org"] [uri
"/spip.php"] [unique_id "WbxNuQoAVBAAAG4OIzIAAAEu"]
[Sat Sep 16 00:01:55 2017] [error] [client 213.186.33.4] ModSecurity:
Access denied with code 403 (phase 2). Operator EQ matched 0 at
REQUEST_HEADERS. [file
"/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"]
[line "65"] [id "960009"] [rev "2.1.1"] [msg "Request Missing a User
Agent Header"] [severity "NOTICE"] [tag
"PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag
"OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "siawi.org"] [uri
"/spip.php"] [unique_id "WbxN0woAQBQAAB2lsOUAAACL"]
[Sat Sep 16 00:01:57 2017] [error] [client 213.186.33.4] ModSecurity:
Access denied with code 403 (phase 2). Operator EQ matched 0 at
REQUEST_HEADERS. [file
"/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"]
[line "65"] [id "960009"] [rev "2.1.1"] [msg "Request Missing a User
Agent Header"] [severity "NOTICE"] [tag
"PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag
"OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "siawi.org"] [uri
"/spip.php"] [unique_id "WbxN1QoAQBQAAB2lsPAAAACZ"]
[Sat Sep 16 00:04:15 2017] [error] [client 87.98.255.4] ModSecurity:
Access denied with code 403 (phase 2). Operator EQ matched 0 at
REQUEST_HEADERS. [file
"/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"]
[line "65"] [id "960009"] [rev "2.1.1"] [msg "Request Missing a User
Agent Header"] [severity "NOTICE"] [tag
"PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag
"OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname
"www.mainstreamweekly.net"] [uri "/spip.php"] [unique_id
"WbxOXwoAQBQAACYWSEoAAADW"]
[Sat Sep 16 00:04:19 2017] [error] [client 87.98.255.4] ModSecurity:
Access denied with code 403 (phase 2). Operator EQ matched 0 at
REQUEST_HEADERS. [file
"/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"]
[line "65"] [id "960009"] [rev "2.1.1"] [msg "Request Missing a User
Agent Header"] [severity "NOTICE"] [tag
"PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag
"OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname
"www.mainstreamweekly.net"] [uri "/spip.php"] [unique_id
"WbxOYwoAQBQAACYWSHsAAADr"]
[Sat Sep 16 00:05:12 2017] [error] [client 87.98.255.4] ModSecurity:
Access denied with code 403 (phase 2). Operator EQ matched 0 at
REQUEST_HEADERS. [file
"/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"]
[line "65"] [id "960009"] [rev "2.1.1"] [msg "Request Missing a User
Agent Header"] [severity "NOTICE"] [tag
"PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag
"OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname
"www.mainstreamweekly.net"] [uri "/spip.php"] [unique_id
"WbxOmAoAQBQAACYWSlIAAADQ"]
[Sat Sep 16 00:06:10 2017] [error] [client 87.98.255.4] ModSecurity:
Access denied with code 403 (phase 2). Operator EQ matched 0 at
REQUEST_HEADERS. [file
"/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"]
[line "65"] [id "960009"] [rev "2.1.1"] [msg "Request Missing a User
Agent Header"] [severity "NOTICE"] [tag
"PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag
"OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname
"www.mainstreamweekly.net"] [uri "/spip.php"] [unique_id
"WbxO0goAQBQAACYWTAcAAADq"]
[Sat Sep 16 00:06:16 2017] [error] [client 87.98.255.4] ModSecurity:
Access denied with code 403 (phase 2). Operator EQ matched 0 at
REQUEST_HEADERS. [file
"/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"]
[line "65"] [id "960009"] [rev "2.1.1"] [msg "Request Missing a User
Agent Header"] [severity "NOTICE"] [tag
"PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag
"OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname
"www.mainstreamweekly.net"] [uri "/spip.php"] [unique_id
"WbxO2AoAQBQAACYWTCwAAADS"]

--
best regards
Harsh Kapoor

Hi,

your log contains a lot of attacks like
https://www.owasp.org/index.php/Top_10_2010-A7-Insecure_Cryptographic_Storage

I think that OVH has put you websites in a protection plateform.

It has nothing to do with SPIP because static files are blocked too (http://siawi.org/INSTALL.txt)

1007 for the support at France. I don’t know elsewhere.

.Gilles