Over the past, i've seen a cpanel account (with addon domains) getting infected from an outdated wordpress installation and spreading itself to other domains since all addon domains were included under public_html folder.
ie. /home/user/public_html/domain1.com /home/user/public_html/domain2.com
I know that this can be prevented by purchasing a reseller cpanel account and have seperated cpanel accounts for every domain, ie:
domain1: /home/user1/public_html/ domain2: /home/user2/public_html/
I was wondering if a php infection can be spread when the directory tree is as follows:
both domains got the same user but they are not sharing the same public_html folder, however they are sharing the same user.
Can an infection from /home/user/domain1.com/public_html/ take advantage of the user permissions and files ownage to be spreaded/copied to /home/user/domain2.com/public_html/