Very recently one of my sites was hacked. Nothing dangerous, but the intruders just changed the index.php file. The main file was showing message that it was hacked! So I had to take it off and check each and every file for change. Luckicly found only two other files changed. The hackers injected code to those files and that code was showing the message on index page. That day I understood how difficult it is to find changed files.