I know you addressed your comments to Charter, but I hope you don't mind if I add my 2 cents to this.
You can verify when your site was last spidered by going to your phpdig database, the table called spider, and look at both the upate and last_modified date fields. If you're certain that neither you nor any other authorized individual has re-spidered your site in the last 2 or 3 weeks, I would change the admin username and password [and surely you didn't leave those with the default values of admin - admin?]. While you're at it, make those "strong" - i.e., names that don't spell anything and are a combination of letters and numbers.
Your problem also brings to mind something that would be a nice-to-have with phpdig. I know that when I logon to my website's control panel, I get a message telling me the last IP address that accessed it. I'd like to see something like that in phpdig. That way, you'd have some assurance that an unauthorized person hadn't been in your admin pages.