GardeningWithSilicon

Member
  • Posts: 37
  • Joined
  • Last visited
Reputation Activity

  1. Informative
    GardeningWithSilicon got a reaction from Sychic in Weird Mac to Windows File Issues   
    You can try a couple of things: 
     
    1. Make a new folder outside of the users folder. Something like C:\tempfolder would work. Then COPY the files to the new folder and attempt to zip again. 
    2. Use a different program to compress the files and make sure that the zipped folder outputs somewhere else. 
  2. Informative
    GardeningWithSilicon got a reaction from Aderalia in Windows 10 Network Share very slow... again....   
    I think we need more information. You could have a number of problems.
     
    Let's start with the basics:
     
    Network card model?
    RAM amount? Usage?
    Disk size? Is it a RAID? How much is used?
    Is the server onsite? 
    Switch model? Uptime? (yes, these do need to be restarted sometimes.)
    CPU usage? 
    Are you running AD? If so, is the file server also the AD server? If not, is the AD server onsite? Is it overloaded?
    Is the file server a VM? If so, does it share the network port with any other servers?
    Did you change any of the network adapter properties (large send offload, etc)? 
     
    We are trying to make sure there are no bottlenecks.
  3. Like
    GardeningWithSilicon got a reaction from Chunchunmaru_ in Is mac OS more secure than windows ? There have been user data loss with some windows updates, what do you think ?   
    I've never had to make one publicly available. I did make a CentOS rpm for a test agent we run. Once the rpm was written, I just handed it over to the devops dude to handle. 
  4. Like
    GardeningWithSilicon got a reaction from Chunchunmaru_ in Is mac OS more secure than windows ? There have been user data loss with some windows updates, what do you think ?   
    Hi there. This got a bit longer than expected, but I hope to impart some experience. As a background, I have done security work for all three platforms. I have the least experience securing Macs, but I generally treat them the same as a Linux box. I don't think I have ever seen a Mac OS server hosting anything important. 
     
    1.) https://research.checkpoint.com/rottensys-not-secure-wi-fi-service/ - a botnet of 5 million phones.
     
    1b.) The Mirai botnet - https://www.csoonline.com/article/3258748/the-mirai-botnet-explained-how-teen-scammers-and-cctv-cameras-almost-brought-down-the-internet.html 
     
    1c.) The largest Linux repo was compromised with malware - https://nakedsecurity.sophos.com/2016/02/22/worlds-biggest-linux-distro-infected-with-malware/
     
    2.) I'm a linux admin. I can tell you how many times I've seen improperly secured servers which have been attacked. People don't install mod-secure and then skiddies scan the internet looking for servers which will process commands from http requests. Or, more likely, some CMS relies on an old version of PHP or a mysql database that hasn't been upgraded since before smartphones existed. But even ignoring that, watch the video I linked previously. You will see how many "low hanging fruit" are available with a default Linux installation. As I said before, the software is what makes the computer useful and is also what makes it vulnerable. 
     
    2b.) Regarding users, permissions, and access: the same model for compromising a Windows box applies to Linux. It has the same security philosophy - use only the least amount of privileges required. They have a www-user. They have ACLs and a root account (which is disabled by default unless you choose to ignore doing this during setup). 
     
    2c.) Regarding the "thousands-per-second" failed login attempts - This would be evidence of an improperly set up server. The port for logging into the database should not be accessible from outside localhost. Fail2ban should be implemented over the top of that to add those failed attempt IP addresses to the iptables droplist. 
     
    3.) The IT professional would tell you no such thing. An IT professional would run a risk analysis. In this analysis, he would define who needs access to this server, and what needs to be on the server. From there, he would then ask if there are any requirements for the software on the server. From my experience, most MSP admins will recommend Windows simply because it's what they know. Small and medium sized IT admins will use Windows for the same reason. Linux requires its own skillset and knowledge base. Most admins I have met do not have the skills to secure a Linux box properly. 
     
    But let's just say that we have an experienced Linux admin running a server. He still has to manage the server and its software. This means that he cannot just use the most recent version of Linux or the most recent version of Apache / MySQL / PHP. He has to make sure that whatever he is hosting on this server is compatible with the newest, most secure versions. That's where the problems start. In my experience, running a CMS like WordPress or Joomla, you will not always be able to immediately update the box. There is a period of time between when an attack is discovered and used, and when the attack is mitigated. And that's the best case scenario. In the worst case, you get a call from a client with a compromised system that hasn't been updated ever. The software they run isn't compatible with anything more secure or even made in the last decade. Sometimes you can upgrade gradually, but this is a painstaking process that requires time to complete. In the meantime, the business is impacted. Business owners do not like having their service down for any reason - even if it is security related. And while some understand that it needs to be fixed, others don't. Those are the ones that become badly infected. They then spread the infection to others. 
     
    As a side note: I had a customer who was running the most recent version of Joomla on a new installation of Linux on AWS. I discovered an attack was run against the server. While the attack was stopped by the WAF, it still showed a hole which needed to be plugged. So, I prepared a PowerPoint to show her what I found and what needed to happen to stop this from happening again. When I got to the technical portion of the attack, she laughed and walked out of the room. I think I blew her mind.
     
    We did plug the hole and prevent similar style attacks from happening again. But, the hole was there. On the newest software on a secure platform. Security holes happen. Plugging the hole is possible. BUT - and this is the most important point - in my experience, Linux is a difficult platform to secure in perpetuity because it takes so much work to do right, and because the requirements of linux software are more difficult to satisfy. 
     
    I think some work is being done to make this better. For example, Docker containers and snap applications help a lot since they bundle the required supporting software with the software you want to run. But from my experience, it takes a more advanced administrator to use these. And I can tell you, most small and medium sized businesses don't have a devops position listed. They have a guy who took a web coding bootcamp and has FTP access to some shared hosting site. 
     
    I haven't worked for a large enterprise as an administrator yet. The largest environment I have worked in was 600 physical servers, with an additional ~400 virtual machines. This was a video hosting site running on Linux. There, we had an entire floor of Linux administrators, a 24x7 NOC team, and an entire floor of software developers. I was part of the NOC team, so I can tell you about how Nagios would inform us of issues. 
     
    I can also tell you that we did not have a massive log of failed attempts to compromise the server (at least to my knowledge). We used Fail2Ban. Instead, the NOC team responded to DDOS attacks and failed hardware. I did run my own server there. I can tell you that by moving ssh to a different port, failed login attempts dropped dramatically. 
     
    If you have made it this far, congratulations! Here's the most important lesson: Someone determined to get into the system will get in. There is a reason why safes are measured in time to access. Safes have far fewer security holes than any computer running server software on the internet. 
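The two controls named in point 2c of the post above, checked in code. This is an added example and not the poster's own script or any project's code; the my.cnf fragments and sshd log lines are constructed for the demonstration. The first function parses a MySQL config and reports whether every `bind-address` in `[mysqld]` is a loopback address (a fragment that sets none is treated as not proven safe). The second implements the ban decision fail2ban's sshd jail makes with its default `maxretry=5` and `findtime=600`, and the third renders the resulting iptables DROP rules the post calls the "droplist" (a simplification: real fail2ban inserts into its own chain rather than INPUT directly).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed my.cnf fragments: one exposes the DB port on all interfaces,
# the other keeps it reachable only from localhost as the post recommends.
EXPOSED_MYCNF = "[mysqld]\nport=3306\nbind-address=0.0.0.0\n"
HARDENED_MYCNF = "[mysqld]\nport=3306\nbind-address=127.0.0.1\n"

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def db_listens_only_on_localhost(mycnf_text):
    """True if every bind-address under [mysqld] is a loopback address.
    No bind-address at all returns False: this fragment does not prove the
    server is confined to localhost, so treat it as exposed."""
    in_mysqld = False
    binds = []
    for raw in mycnf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("["):
            in_mysqld = line.lower() == "[mysqld]"
            continue
        if in_mysqld and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.replace("_", "-").lower() == "bind-address":
                # MySQL 8.0.13+ accepts a comma-separated list of addresses.
                binds.extend(v.strip() for v in value.split(","))
    return bool(binds) and all(b in LOOPBACK for b in binds)


# Constructed sshd lines in the syslog format fail2ban's sshd filter reads.
AUTH_LOG = """\
Mar  3 10:00:01 web1 sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 51122 ssh2
Mar  3 10:00:03 web1 sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 51124 ssh2
Mar  3 10:00:04 web1 sshd[2105]: Failed password for root from 198.51.100.7 port 51126 ssh2
Mar  3 10:00:06 web1 sshd[2107]: Failed password for invalid user test from 198.51.100.7 port 51130 ssh2
Mar  3 10:00:09 web1 sshd[2109]: Failed password for root from 198.51.100.7 port 51133 ssh2
Mar  3 10:00:20 web1 sshd[2111]: Accepted publickey for deploy from 203.0.113.5 port 40022 ssh2
Mar  3 10:15:00 web1 sshd[2150]: Failed password for root from 203.0.113.9 port 40100 ssh2
Mar  3 11:30:00 web1 sshd[2201]: Failed password for root from 203.0.113.9 port 40101 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def ips_to_ban(log_text, maxretry=5, findtime=600, year=2024):
    """Source IPs with at least `maxretry` failed logins inside any
    `findtime`-second sliding window (fail2ban's jail semantics; syslog
    lines carry no year, so one is supplied for parsing)."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            failures[m["ip"]].append(ts)
    banned = set()
    window = timedelta(seconds=findtime)
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide window's left edge
                start += 1
            if end - start + 1 >= maxretry:
                banned.add(ip)
                break
    return banned


def drop_rules(ips):
    """iptables rules that drop traffic from each banned IP (simplified
    form of what fail2ban's iptables action achieves via its own chain)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(ips)]


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_MYCNF), ("hardened", HARDENED_MYCNF)):
        print(f"{name}: DB confined to localhost = {db_listens_only_on_localhost(cfg)}")
    for rule in drop_rules(ips_to_ban(AUTH_LOG)):
        print(rule)
```

Run as-is it flags the `0.0.0.0` config and bans only 198.51.100.7, whose five failures fall within eight seconds; 203.0.113.9 fails twice 75 minutes apart and stays below the default threshold, which is the kind of slow probing a fixed `findtime` never catches.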
  5. Informative
    GardeningWithSilicon got a reaction from trekjunky in Latest Linux Mint locking up   
    You could be experiencing a heavy load which looks like a hard lock up. But, if you can move the mouse, then the kernel hasn't crapped out. So that's good. 
     
    You might want to use this: https://boinc.berkeley.edu/help.php . They actually have free live support for people trying to use SETI@home. 
     
    Let me know if that helps =D. If they can't figure it out, we can take another crack at it. 
  6. Agree
    GardeningWithSilicon got a reaction from datboi8192 in Compiling MySQL server   
    The mysql documentation should help: https://dev.mysql.com/doc/mysql-sourcebuild-excerpt/5.5/en/installing-source-distribution.html 
     
    Do you know which Linux distribution you'll be using, and what the server will be used for? If you don't, you will need to get this information before you can proceed.