If your form uses AJAX to post the data, depending on the library and browser version, the POST could come across as a GET request. If you are not using AJAX and instead rely on the native HTML form post, then there are a few causes which may or may not point to hacking - but that is a possibility. Search engines provide some strange data when crawling sites, security scanners (both good guys and bad guys use scanners), even stray forms you didn't realize existed or were mis-coded because the default post method is GET for some unknown reason.
Hi, Steve Sommers,
Thank you for your response. I am using AJAX to submit the form, jQuery 1.11. But this is intentional, switching back and forth between GET and POST; every other is a GET, every other from that is a POST, and the POSTs are duplicating form entries (the form is filled out, for these) and tacking them on as URL parameters. And the AJAX is setting the type to "POST", so there's no native HTML form submission that could default to GET.
What I suspect is going on is the user copied the DOM containing the form and pasted into a local file, and is using that to submit the form. The reason why I think this is because I have a CAPTCHA that doesn't load until ten seconds after the page loads, and the CAPTCHA value is NOT included in the form submit.
This is not a user that is using the form as intended - rather this is someone intentionally screwing around, trying to find a vulnerability. I just have never seen this before, and was curious if anyone else ran across something like this.
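A server-side check for the pattern described in this thread (GET where only POST is expected, form fields repeated as URL parameters, no CAPTCHA value), as an added example that is not part of either post. The field names, the `/contact` path, the origin and the sample requests are constructed assumptions.

```javascript
// Added example. Field names, path and origin are assumptions; use your form's own.
const FORM_FIELDS = ["name", "email", "message"];
const CAPTCHA_FIELD = "captcha";
const SITE_ORIGIN = "https://www.example.com"; // placeholder origin

// req: { method, url, headers (lower-cased names), body (urlencoded string) }
function classifySubmission(req) {
  const flags = [];
  const query = new URL(req.url, SITE_ORIGIN).searchParams;
  const body = new URLSearchParams(req.body || "");

  // The page's script only ever submits with type "POST".
  if (req.method !== "POST") flags.push("method-not-post");

  // The script sends fields in the body, so a form field in the query
  // string did not come from the unmodified page.
  if (FORM_FIELDS.some((f) => query.has(f))) flags.push("form-fields-in-query");

  // Same field supplied more than once (body plus query, or repeated).
  if (FORM_FIELDS.some((f) => body.getAll(f).length + query.getAll(f).length > 1))
    flags.push("duplicated-field");

  // The CAPTCHA is added ten seconds after load; a submit without it
  // skipped the live page.
  if (!body.get(CAPTCHA_FIELD)) flags.push("captcha-missing");

  // Browsers send "Origin: null" on a POST from a file:// copy of the form.
  // Heuristic only: non-browser clients can set any header they like.
  const origin = (req.headers || {}).origin;
  if (req.method === "POST" && origin !== SITE_ORIGIN) flags.push("origin-mismatch");

  return flags;
}

// Constructed sample requests (not taken from any real log).
const FIELDS = "name=A&email=a%40example.com&message=hi";
const SAMPLES = {
  legit: { method: "POST", url: "/contact", headers: { origin: SITE_ORIGIN },
           body: FIELDS + "&captcha=x7k2" },
  asGet: { method: "GET", url: "/contact?" + FIELDS, headers: {}, body: "" },
  localCopy: { method: "POST", url: "/contact?" + FIELDS,
               headers: { origin: "null" }, body: FIELDS },
};

for (const [name, req] of Object.entries(SAMPLES)) {
  console.log(name, classifySubmission(req));
}
```

Reject or log any request that returns a non-empty flag list; the flags are signals for triage, and CAPTCHA verification still has to happen on the server.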