I had a look in the hosting server and found the following issue in ModSecurity.
Rule 98127: Detects MySQL comment -/space - obfuscated injections and backtick termination
.........................
2015-09-27 10:06:34
www.rootdamage.com 58.xxx.xxx.xx (my IP) CRITICAL 302
Request:
GET /administrator/index.php?option=com_jmap&task=ajaxserver.display&format=json&data=%7B%22idtask%22%3A%22fetchSeoStats%22%2C%22template%22%3A%22json%22%2C%22param%22%3A%7B%7D%7D
Action Description:
Access denied with redirection to
http://www.rootdamage.com/ using status 302 (phase 2).
Justification:
Pattern match "(?i
?:,.*?[)\\da-f\"'`][\"'`](?:[\"'`].*?[\"'`]|\\Z|[^\"'`]+))|(?:\\Wselect.+\\W*?from)|((?
elect|create|rename|truncate|load|alter|delete|update|insert|desc)\\s*?\\(\\s*?space\\s*?\\())" at ARGS:data.
.............................
I think this is one for you as I cannot change the ModSecurity rules?
Regards
David