Seems like you had this issue a few months ago too
. Are you running a blog software like wordpress as well? The HTTP/1.0" 302 - should be just a redirect
. Would be more concerned if the POST returned a 200 response which means success.
Im am far from an expert or really knowledgeable about this but they could be getting in from an exploit on the webserver, other software like a blog, or got in prior to the patch and left a backdoor or all files not cleaned out.
Hopefully SD or someone can shed some light on this.