Open /config/blesta.php and find Configure::set('Blesta.csrf_bypass', array()); and replace it with one of the following:

Disable CSRF checks on the login page:
Configure::set("Blesta.csrf_bypass", array('client_login::index'));

Disable CSRF checks on the login and reset pages:
Configure::set('Blesta.csrf_bypass', array('client_login::index', 'client_login::reset'));

Disable CSRF checks on the domain ordering page:
Configure::set("Blesta.csrf_bypass", array('config::preconfig','domain_form::index'));