Hi Tom,
Some servers have a module called "mod_security" which urls when they contain certain character sequences. Last time we investigated we found that mod_security doesn't block some urls that start with admin.php.
So the solution is either don't rename admin.php or ask your host to disable mod_security for the cms folder. And if you get strange 403 errors at various points, that's probably mod_security as well, so ask your host to disable it if that happens.
Hope that helps!
Dave Edis - Senior Developer
interactivetools.com