Security through obscurity - still exploitable?

Where a hoster offers SSH with a glitch. Read here: -http://www.hackingarticles.in/ssh-penetration-testing-port-22/

See: https://urlquery.net/report/427f2358-1b85-4d59-a2c7-b50bf6874e04
and https://www.virustotal.com/#/domain/www.euroschooltravel.com
also: https://www.virustotal.com/#/url/8bc53d6deaf5a863756af24ba8ed1db2600d740f7754ae40b8b1d10764116d5b/detection
On the same IP → https://urlscan.io/result/23344e5e-e66a-469a-9b73-5852b3d8f9ed/jsonview/
Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=gerds.nl&ref_sel=GSP2&ua_sel=ff&fs=1
On that host: https://www.shodan.io/host/94.124.122.9 also see: https://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fgerds.nl
Via dumpster we find: HTTP: bHosted
HTTPS: bHosted
HTTP Server found in Global Scan data (Passive)

SSH: SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.10 -94.124.120.218

Exploitable? → : http://www.bortzmeyer.org/files/vente-sshd-leak.txt (was tested by researcher for SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1 Q.E.D.) Mind that vulnerabilties are offered here for sale to white, grey and black hats.

With this it has been demonstrated again that excessive info proliferation could cost you dearly,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)