HI I setup a new wordpress site for testing (can not be found in any search engine), and somehow it got hacked (webshell injected), and the website is showing a file manger. I have restored the testing site and remove the webshell file, but wonder if this hack would affect my other websites in the same server created with ISPconfig. I tried the injected file manger to access other website folder, and seems it can only access the hacked site folder. Just want to verify other sites are not affected as I am not sure. other sites functioning normally now. Thanks
Nope. It cannot as other websites should normally have their own access and permissions which is different from the hacked one. You don't have to restore into the same hacked website folder if you are so worried, on the other hand, you can simply create new website and work in / from there.
thanks for the reply. In fact, I don't know how this webshell attack happened. what caused the webshell file into my site. I want to find out what causing it, so I restored the testing site, and removed a plugin in wordpress that may be the cause, and see if it would happen again.
Actually, in some cases other data can be accessed through the PHP process. Are you using chrooted PHP-FPM? If you are unsure, then you most likely are not using it and they are at risk.
