1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 12:41 am May 21, 2026

Forum Moderators: phranque

Message Too Old, No Replies

A normal visitor seems to be executing a POST command - should I worry

POST command worry

         

Wmff

11:33 pm on Jun 3, 2022 (gmt 0)

Top Contributors Of The Month



Should I be concerned that, what otherwise seems like a normal visit, a visitor appears to successfully execute a "POST" command? I don't recall anyone/anything ever executing a "POST" command before during a regular visit to my site (see the log entry at 08:33:04). This seems like a normal referal from a duckduckgo search:

185.229.59.195 - - [03/Jun/2022:08:30:03 -0400] "GET /index.php/gallery/other-animals/reptiles/michigan-snakes HTTP/1.1" 200 43544 "https://duckduckgo.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0"

Another thing that concerns me is the change in the number following the file name ........6493, prior to the "POST" command it was 25050 (08:32:55), after the "POST" command it was 25453 (08:33:04).

here are the server logs surrounding the seconds before and after the "POST" command:

185.229.59.195 - - [03/Jun/2022:08:32:55 -0400] "GET /index.php/gallery/other-animals/reptiles/michigan-snakes/eastern-massasauga-rattlesnake/eastern-massasauga-rattlesnake-1-6493 HTTP/1.1" 200 25050 "http://www.example.org/index.php/gallery/other-animals/reptiles/michigan-snakes/eastern-massasauga-rattlesnake" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0"
185.229.59.195 - - [03/Jun/2022:08:32:56 -0400] "GET /index.php/gallery/image?view=image&format=raw&type=img&id=6493 HTTP/1.1" 200 45797 "http://www.example.org/index.php/gallery/other-animals/reptiles/michigan-snakes/eastern-massasauga-rattlesnake/eastern-massasauga-rattlesnake-1-6493" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0"
185.229.59.195 - - [03/Jun/2022:08:33:04 -0400] "POST /index.php/gallery/other-animals/reptiles/michigan-snakes/eastern-massasauga-rattlesnake/eastern-massasauga-rattlesnake-1-6493 HTTP/1.1" 200 25453 "http://www.example.org/index.php/gallery/other-animals/reptiles/michigan-snakes/eastern-massasauga-rattlesnake/eastern-massasauga-rattlesnake-1-6493" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0"
185.229.59.195 - - [03/Jun/2022:08:33:05 -0400] "GET /media/joomgallery/js/smoothgallery/scripts/jd.gallery.js HTTP/1.1" 200 32184 "http://www.example.org/index.php/gallery/other-animals/reptiles/michigan-snakes/eastern-massasauga-rattlesnake/eastern-massasauga-rattlesnake-1-6493" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0"

I did check the image and nothing visually has changed and the size of the file does not appear to have changed.
I also downloaded the image and scanned it for virus and malware and didn't find anything.

What's going on?

[edited by: phranque at 12:19 am (utc) on Jun 4, 2022]
[edit reason] please exemplify domains [/edit]

phranque

12:50 am on Jun 4, 2022 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I don't recall anyone/anything ever executing a "POST" command before during a regular visit to my site (see the log entry at 08:33:04).

have you checked all the <form> elements in the referring document?
[03/Jun/2022:08:33:04 -0400] "POST /index.php/gallery/other-animals/reptiles/michigan-snakes/eastern-massasauga-rattlesnake/eastern-massasauga-rattlesnake-1-6493 HTTP/1.1" 200 25453 "http://www.example.org/index.php/gallery/other-animals/reptiles/michigan-snakes/eastern-massasauga-rattlesnake/eastern-massasauga-rattlesnake-1-6493"

the action parameter value of the form element is either blank or self-referential.
This seems like a normal referal from a duckduckgo search

this and and the timing of the requests and the fact they are using a current version of FF (101.0) combined make it seem a presumably human-like visit.
Another thing that concerns me is the change in the number following the file name ........6493, prior to the "POST" command it was 25050 (08:32:55), after the "POST" command it was 25453 (08:33:04).

those numbers are not part of the file name.
those columns in the web server access log file indicate the size of the HTTP Response in bytes.

phranque

12:54 am on Jun 4, 2022 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



also, welcome to WebmasterWorld [webmasterworld.com], Wmff!

Wmff

1:33 am on Jun 4, 2022 (gmt 0)

Top Contributors Of The Month



Thanks for the info and quick reply.

not2easy

4:03 am on Jun 4, 2022 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Welcome to the forums Wmff!

Pardon my curiosity but is there a reason the http: requests are responding with a 200 (OK) rather than a 301 redirect to https: ? Most sites changed a few years ago due to browser (and Google) grumbling.

Wmff

5:47 am on Jun 4, 2022 (gmt 0)

Top Contributors Of The Month



The majority of regular visitors to my site seem to be generating this code [HTTP/1.1" 304], with maybe 25% or less showing a code [HTTP/1.1" 200] during the same visit. I just checked a recent log and the only time a see [HTTP/1.1" 301] is from malicious visits/IP's reported with a history of abuse - so if they come back they see this [HTTP/1.1" 403].

phranque

9:05 am on Jun 4, 2022 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



The majority of regular visitors to my site seem to be generating this code [HTTP/1.1" 304]

the 304 status code means your resource caching is working.
with maybe 25% or less showing a code [HTTP/1.1" 200] during the same visit

the 200 status code means OK and is a normal response when returning a document or other requested resource.

the reason not2easy asks about the 301 is that most web sites are using secure web protocol (https:) instead of http: so normally http: requests are redirected with a 301 status code to the equivalent https: url.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 12:41 am May 21, 2026