The hackers are one of the big problem on Internet. I have still some sites on Joomla 1.5 as clients did't opt for updates and they by miracle working. but it is miracle.
May I suggest what I use usually to monitor sites: RS Firwall, or Sucuri or any other Firewall. The good indication is always there to check for any errors there. I use much more than that but you can find few good tools eysite etc. If site is hacked I would suggest same procedure what you do when upgrading site... Database dump and work from new installation. Just make sure there are no injections. I deal with hackers for years and it is war I never win
but protect myself for later just in case. Joomla is ok Magento is much harder. Joomla 2.5 is already very insecure so if it is what you have just do upgrade locally.
Please do not just listen to hosting company. Lucky Joomla 2.5 is easy to upgrade. well relatively depending on how much extra development was done and modifications.
Install latest joomla and theme and import databases ( again check check check for injections ) and protect yourself as once site is hacked chances are they will attempt again so it is good to monitor site for awhile.
Locally you can also on your computer use virus scanner to scan image folder etc. But I would if I were you examine also for unusual files too.
Good luck as i know it is not easy after hackers to deal with site. Better off sign for sucuri
seriously for few dollars you have peace of mind. Especially if client has no resources to pay developers to look after him. Just make sure you A records are updated that is all that takes.
By the way I love Shape5 templates they are awesome! glad I found it:) so clean.