Site hacked but not malcious only outdated CMS and vulnerabilities!

See: http://killmalware.com/video-kurs.ru/
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5
Website defaced, 3 instances of. Details: http://sucuri.net/malware/entry/MW:DEFACED:01

Hacked By Darkcrowtr DOMXSS vuln.: Results from scanning URL: hxtp://video-kurs.ru/components/com_flippingbook/js/flippingbook.js Number of sources found: 35 Number of sinks found: 11 Nothing found at first sight: http://www.isithacked.com/check/http%3A%2F%2Fvideo-kurs.ru%2F Connection problems: http://www.dnsinspect.com/video-kurs.ru/1417891918 IP baness history: https://www.virustotal.com/nl/ip-address/89.253.247.177/information/ Avast detects following malcode launched from a domain on that IP = Win32:Rootkit-gen [Rtk] for CMSTP.EXE.MUI and Win32:Mutopy-B [Trj] for WinInit.exe.mui (detection with a broad spectrum)

pol