I'm under DDOS attack, at least looks like.

Polak
Feb 15 2012, 04:40PM
Registered Member #63024
Joined: Oct 20 2011, 06:24AM
Posts: 17
I'm having real problems, I just shut my site down for security.

Look at this. (IMG)
[-link-]

Well, after all the attacks my website size is 450MB, and before it was 250MB (+-). How is that possible?

When I realized, it was too late... and I get this "text" after the website crash.

EDIT:

Sorry, but I can't paste the code for some reason.
[ Edited Feb 15 2012, 04:44PM ]
septor
Feb 15 2012, 05:44PM
  • e107 Site administrator
  • e107 Security Team
  • e107 Support Team
  • e107 Documentation Team
Registered Member #37
Joined: Aug 11 2002, 03:20AM
Location: United States
Posts: 2687
You know where you went wrong in your post? You provided us with zero useful information.

What e107 version are you using?
Are you using any third-party plugins?
What type of security measures do you have in place?
Is this the first time this has happened?

I know that it's extremely weird we can't help you with the post you gave us, but that's just how crazy we are around here.
Polak
Feb 15 2012, 06:17PM
Registered Member #63024
Joined: Oct 20 2011, 06:24AM
Posts: 17
Sorry, but I'm really nervous.

-version 0.7.26 maybe? The last one before actual version.

-All my plugins are from e107.org or other free developers.

-I don't really know what you mean by that. If you mean my hosting, I have SSL support but I'm not using it. Apart from that, nothing else, just normal login into Parallels Plesk Panel 10.3.1 and phpMyAdmin 3.4.1 (I have really strong passwords)

-Yes, this is the first time.

I can't paste all the code because the forum is not letting me. It's something like this:

Fatal error: session_start function.session-start function.session-start

Failed to initialize storage module: files (path: ) in /var/www/vhosts/mydomain.com/mydirectory/class2.php on line 482


Thank you for answering


EDIT


Oh god, wait a second, I was using one of the plugins that you have in your signature list "Ajax Chat". [-link-]

What should I do now? This plugin uses a .txt file to save all the messages in the chat.

Anyway, can I be sure that the problem is of this plugin?

I'll follow "your steps" and see what happens. Thank you again!


[ Edited Feb 15 2012, 06:38PM ]
septor
Feb 15 2012, 06:55PM
  • e107 Site administrator
  • e107 Security Team
  • e107 Support Team
  • e107 Documentation Team
Registered Member #37
Joined: Aug 11 2002, 03:20AM
Location: United States
Posts: 2687
First off -- you should upgrade to 1.0.0. I don't think anything has changed from 0.7.26 to 1.0.0 that is different as far as "getting hacked" is concerned, but there's really no reason not to upgrade.

Secondly, just because a plugin is listed here on this site does not mean it is safe, nor does the author of the plugin have anything to do with the plugin being safe or not safe. It's all in the manner it was coded. Most "unsafe" plugins were removed from this site, so you should be fine with getting them from here.

As far as security features, I was more talking about a modified .htaccess file or utilizing something like ZBBlock. Both of these things are talked about on the wiki.

I can't be sure the plugin you mentioned is the cause, but it's the only "logical" reason you have mentioned so far.

Finally, I would recommend removing the bad plugin and installing some sort of protection on your site (modified .htaccess file or ZBBlock). If you don't feel comfortable with doing this, contact your webhost.

Following the instructions in the thread that is in my signature won't hurt, but it's possible that it's overkill in this situation.
[ Edited Feb 15 2012, 06:57PM ]
Polak
Feb 15 2012, 07:46PM
Registered Member #63024
Joined: Oct 20 2011, 06:24AM
Posts: 17
The same error even with new installation with new directory and database.
[-link-]

I have no idea what's going on. On installation everything was, I've typed all data for the "database" access and was all good, I "hit" OK and then that error comes out. Could be a database reading error?

I'm gonna install phpbb3 forum and see if it works.
[ Edited Feb 15 2012, 07:49PM ]
bigbadwolf
Feb 15 2012, 07:49PM
Registered Member #21221
Joined: Sep 27 2005, 07:48AM
Location: Long Island NY
Posts: 368
For starters, look into Incapsula. I just put two of my sites through them and so far, I am happy with the results. They help block this kind of thing along with known malicious bots, cross site scripting, etc.

The first thing you should do is try and see what IPs the requests were coming from and block them in your .htaccess as Septor suggested.
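Added example, not part of the thread and not e107 or ZBBlock code: one way to carry out the step suggested in the post above, counting requests per client IP in a web server access log and rendering a deny block for .htaccess. It assumes Apache's common/combined log format and Apache 2.2 access-control syntax (Apache 2.4 uses `Require` directives instead); the function names, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# First field of an Apache common/combined log line is the client address.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} ')

def count_clients(log_lines):
    """Return a Counter of requests per client IP, skipping malformed lines."""
    hits = Counter()
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            hits[str(ip_address(m.group(1)))] += 1
        except ValueError:
            continue  # hostname or garbage in the client field
    return hits

def noisy_clients(hits, threshold, allowlist=()):
    """IPs at or above the threshold, busiest first, minus allowlisted ones."""
    return [ip for ip, n in hits.most_common()
            if n >= threshold and ip not in allowlist]

def htaccess_rules(ips):
    """Render a deny block in Apache 2.2 syntax (assumed server version)."""
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += [f"Deny from {ip}" for ip in ips]
    return "\n".join(lines) + "\n"

def sample_log():
    """Constructed log: two noisy clients, one ordinary visitor, one bad line."""
    fmt = ('{ip} - - [15/Feb/2012:16:{m:02d}:00 +0000] '
           '"GET /index.php HTTP/1.1" 200 512 "-" "-"')
    lines = [fmt.format(ip="203.0.113.7", m=i % 60) for i in range(40)]
    lines += [fmt.format(ip="198.51.100.23", m=i % 60) for i in range(25)]
    lines += [fmt.format(ip="192.0.2.10", m=i) for i in range(3)]
    lines.append("not a log line")
    return lines

if __name__ == "__main__":
    hits = count_clients(sample_log())
    print(htaccess_rules(noisy_clients(hits, threshold=20)))
```

The allowlist is there for addresses such as your own or a monitoring service, which can easily exceed a request threshold; review the generated list before putting it in .htaccess.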
septor
Feb 15 2012, 08:17PM
  • e107 Site administrator
  • e107 Security Team
  • e107 Support Team
  • e107 Documentation Team
Registered Member #37
Joined: Aug 11 2002, 03:20AM
Location: United States
Posts: 2687
I don't know about your PHP error, honestly. I got the same thing on my main domain and didn't put much investigation into it. It works on my development domain just fine and they are both on the same server rack.
Polak
Feb 17 2012, 12:34AM
Registered Member #63024
Joined: Oct 20 2011, 06:24AM
Posts: 17
All fixed and ZBBlock installed
