Add this code to your modsec config file:
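# Chained rule: deny POST requests whose headers contain the string below.
# REQUEST_METHOD is upper-case and the default regex match is case-sensitive.
SecRule REQUEST_METHOD "@streq POST" "deny,chain,status:500,id:9379635"
SecRule REQUEST_HEADERS " b88007"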
This will deny any POST request with that string in its headers. To track this down later, run 'stat' on a modified file, then use its change and modify times to find the matching entries in the access log (domlog).
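The stat-to-access-log lookup described above, as an added example that is not part of the original page. The helper name posts_near_change is hypothetical; it assumes the domlog is in Apache combined format and that stat is the GNU or BusyBox version, and the log lines and file in demo are constructed sample data.

```shell
#!/bin/sh
# List POST requests logged within WINDOW seconds of a file's modify (mtime)
# or change (ctime) time. stat prints epoch seconds (UTC); the log timestamp
# carries a zone offset, so it is converted before comparing.
posts_near_change() {
  file=$1 log=$2 window=${3:-60}
  mtime=$(stat -c %Y "$file") || return 1
  ctime=$(stat -c %Z "$file") || return 1
  awk -v t1="$mtime" -v t2="$ctime" -v w="$window" '
    # Convert "10/Oct/2023:15:55:38 +0200" to epoch seconds (UTC).
    function epoch(ts,   p, d, m, y, era, yoe, mp, days, off) {
      split(ts, p, "[/: ]")
      d = p[1]; y = p[3]
      m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", p[2]) + 2) / 3
      if (m <= 2) y--
      era = int(y / 400); yoe = y - era * 400
      mp = (m > 2) ? m - 3 : m + 9
      days = era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) - 719468
      days += int((153 * mp + 2) / 5) + d - 1
      off = substr(p[7], 2, 2) * 3600 + substr(p[7], 4, 2) * 60
      if (substr(p[7], 1, 1) == "-") off = -off
      return days * 86400 + p[4] * 3600 + p[5] * 60 + p[6] - off
    }
    function near(e, t) { return e >= t - w && e <= t + w }
    $6 == "\"POST" {
      e = epoch(substr($4, 2) " " substr($5, 1, 5))
      if (near(e, t1) || near(e, t2)) print
    }' "$log"
}

demo() {
  dir=$(mktemp -d) || return 1
  # Constructed sample: log written in +0200, file modified at 13:55:40 UTC.
  cat > "$dir/domlog" <<'EOF'
198.51.100.4 - - [10/Oct/2023:15:40:02 +0200] "POST /contact.php HTTP/1.1" 200 311 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:15:55:38 +0200] "POST /upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 b88007"
203.0.113.7 - - [10/Oct/2023:15:55:39 +0200] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:55:40 +0200] "POST /contact.php HTTP/1.1" 200 311 "-" "Mozilla/5.0"
EOF
  TZ=UTC0 touch -t 202310101355.40 "$dir/index.php"
  posts_near_change "$dir/index.php" "$dir/domlog" 60
  rm -rf "$dir"
}
demo
```

The last sample line shares the file's wall-clock time but is two hours away once the +0200 offset is applied, so only the /upload.php request is reported.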