The odds on e ahack taking the time to run a password cracker against a sites ftp is slim unless you deal with credit card transactions or have upset them. For one you need to know the account name to be testing passwords against.
The usual way a site gets defaced is an insecure HTTP or FTP server. The most common exploits being malformed URLs such as http://www.domain.com/cgi-bin/../../...%20/etc/passwd. Once agains I will say that I don't think the problem here was that they got their site hacked as hackers rarely delete a site instead they just deface it by altering the index page.
carju1 if you ever want to look up a sites details use www.samspade.org which is a collection of tools such as whois look up, ip trace, and safe browser which just retrieves and displays a sites HTML.
A quick look at the details of disneywebdesign.com shows me that the domain was registered by WILD WEST DOMAINS, INC. who registered it through VoxDomains.com. I think the problem was confusion. What I think happened was that they resitered the domain and then uploaded their site to their web space. They then checked the domain and saw nothing, this would of been because the domain registration hadn't gone through yet or was in the process of going through. They state that their site was there but not at the URL they expected it to be at, this I assume means that it wasn't at www.disneywebdesign.com but was at the direct url supplied to them by their host. As anybody who uses a shared server knows you are given a direct url such as http://server.hostsdomain.com/username and this would of been the url they found their site at.
I believe that this was not spam but was just a misunderstanding on how the internet and hosting works and a plea for help.Some people owe this person an apology.