The dev site and live site are exactly the same, the only difference...
is that the dev site has "dev" as the subdomain and the live site has "www". I think it's an apache hack exploited through a wordpress plugin that has since been deactivated/deleted or updated.