I have just observed repeated attempts to POST data to LS from several URLs. The path looks odd, but the requests are getting 200 OK responses, so I'm concerned that I have a vulnerability. Can anyone comment on this?

Sample (IPs changed to protect the innocent!):
abc.efg.217.140 - - [15/Jan/2015:11:15:38 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14432
abc.efg.217.140 - - [15/Jan/2015:11:15:39 +0000] "POST /index.php/survey/index HTTP/1.1" 200 17952
abc.efg.217.140 - - [15/Jan/2015:11:15:41 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14326
abc.efg.217.140 - - [15/Jan/2015:11:15:44 +0000] "POST /index.php/survey/index HTTP/1.1" 200 10293
abc.efg.217.140 - - [15/Jan/2015:11:15:53 +0000] "POST /index.php/survey/index HTTP/1.1" 200 7812
abc.efg.217.140 - - [15/Jan/2015:11:15:55 +0000] "POST /index.php/survey/index HTTP/1.1" 200 15281
abc.efg.217.140 - - [15/Jan/2015:11:16:06 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14009
abc.efg.217.140 - - [15/Jan/2015:11:16:11 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14357
abc.efg.217.140 - - [15/Jan/2015:11:16:19 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14460
abc.efg.217.140 - - [15/Jan/2015:11:16:27 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14444
abc.efg.217.140 - - [15/Jan/2015:11:16:33 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14449
abc.efg.217.140 - - [15/Jan/2015:11:16:37 +0000] "POST /index.php/survey/index HTTP/1.1" 200 14416
abc.efg.217.140 - - [15/Jan/2015:11:16:38 +0000] "POST /index.php/survey/index HTTP/1.1" 200 13171

I can't see any malicious changes in any surveys.

---john---

Surevy url after starting are allways /index.php/survey/index.
And all surveys pages need $_POST

OK, seems reasonable. I am concerned with the speed of those replies, though. What's the recommended way of checking which SID those POSTs are going to?
---john---