[webizen]

Quote:

...
[Mon Sep 19 00:27:09 2011] [error] [client 82.181.193.116] ModSecurity: Access denied with code 403, [Rule: 'ARGS' '(fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->)']
[Msg: XSS attack]
2011-09-19 00:27:09.324 NOTICE [82.181.193.116:57055-0#XXXX] Content len: 1181, Request line: 'POST /wp-admin/post.php HTTP/1.1'
...

This indicates that page (/wp-admin/post.php) that does the post contains value of "fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->" (any). You may verify by looking that source of the page (not php code itself). If that's the case, you can disable the rule.