Website being cleansed of defacement...Open Spam Relay detected!

Just some remarks on the analysis of this website apparently under maintanance.

Now cleansed from a defacement hack: http://killmalware.com/knitwerk.com/# but not a functional website yet.
reverse dns report: http://toolbar.netcraft.com/site_report?url=http://ip-37-60-234-156.siteground.com
website risk status = 10 red out of 10.

See: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fknitwerk.com&useragent=Fetch+useragent&accept_encoding=
Source code

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
 <head>
  <title>Index of /</title>
 </head>
 <body>
<h1>Index of /</h1>
<table><tr><th><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr><tr><th colspan="5"><hr></th></tr>
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="cgi-bin/">cgi-bin/</a>               </td><td align="right">29-Dec-2015 16:51  </td><td align="right">  - </td><td>&nbsp;</td></tr>
<tr><th colspan="5"><hr></th></tr>
</table>
</body></html>

There are two folders there: FOLDER
FILE##_index_defaultpage.html
FOLDER
FILE##_index_defaultpage.html 202 text/html
EXTRALINK##http://httpd.apache.org/docs-project/ 1 (apache/ubuntu documentation)
last reboot 68 days ago → http://toolbar.netcraft.com/site_report?url=https://httpd.apache.org

HTTP/1.1 403 Forbidden =>
Server => nginx
Date => Mon, 01 Feb 2016 16:08:51 GMT
Content-Type => text/html
Content-Length => 1878
Connection => close
Host-Header => 192fc2e7e50945beb8231a492d6a8024
CPanel has error logs…

http://toolbar.netcraft.com/site_report?url=http://knitwerk.com

Also consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fknitwerk.com

New Dreamwork excessive server header info proliferation found: Apache/1.3.33 Unix DAV/1.0.3 mod_fastcgi/2.4.2 mod_gzip/1.3.26.1a PHP/4.4.1 mod_ssl/2.8.22 OpenSSL/0.9.7e

The KnitWerk dot com issues are certificate and spam related: 2 errors & 8 warnings: https://mxtoolbox.com/domain/knitwerk.com/
Domain status → https://whois.domaintools.com/knitwerk.com
Name Servers Versions
WARNING: Name servers software versions are exposed:
37.60.234.112: “9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.2”
37.60.235.107: “9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.2”
Exposing name server’s versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system. Learn how to hide version.

112 other sites hosted on this server with IP address - http://alle-domeinnamen.xyz/37/60/234/37.60.234.156.html
Some are reported as PHISHing sites. Reverse Entries for MX records
WARNING: Found mail servers with inconsistent reverse DNS entries. You should fix them if you are using those servers to send email. → http://www.dnsinspect.com/knitwerk.com/1454344171

polonus (volunteer website security analyst and website error-hunter)