Leosghost - 1:59 am on Sep 23, 2012 (gmt 0) [edited by: Leosghost at 2:20 am (utc) on Sep 23, 2012]
they actually changed the filedate?
filedates can be changed / faked..requires a light touch..
( was even mentioned here [webmasterworld.com] over 6 years ago )
Searching that piece of code in your msg:4498700, minus the @preg_replace
Gave me the first 414 I have had from Google..
414. Thatís an error.
The requested URL /search... is too large to process. Thatís all we know.
Putting an old date on a file is one way that hackers use to slide it past your attention, old dates to most people mean "must have always been there , don't delete it or mess with it" ..ditto the disguised "l" for "i" and similar tricks..even involving other alphabets sometimes..
You may find traces of recent probes to see what was vulnerable on your site in your 404 logs..( then again most sites are under a constant barrage of probes for vulnerabilities ) ..one way to avoid hacks is not to use "default" names for config type files and admin type files..most probes are looking for default setups ..especially for the more common CMS types..
[edited by: Leosghost at 2:20 am (utc) on Sep 23, 2012]