My webspace has been compromised as explained on this answered question. While looking for advice on other q&a it seems to me in the answers it is assumed the compromised system is a full dedicated or virtual, but not the shared hosting type.
As in shared hosting, even if ssh is available, most of the system is not there or not accessible, and many relevant tools such as a package manager are unavailable, there must be a difference between what can be compromised and how to deal with it in comparison with full servers.
For example, there is no access to root and no package manager.
I would like to understand the differences from the point of view of securing the web space after the attack.