Now I automated my free hosting service by giving Instant activation account.

Some Genius members are registering it for proxy and for using rapidleech.

Daily I have to clear approx 10-20 account for this issue.
Is their anyway to block them immeditly if they upload and use a proxy/leech script.

Just log their IP address and ban em if they abuse. That will keep the numbers down.

Alternatively, you don't use instant activation. Use quick activation, meaning you look through the accounts manually and check their website usage purposes before approving/rejecting them.

I manage to block rapidleech via mod_security. Now, I am looking for suggestion on how to block proxy scripts to lessen manual intervention.

Just log their IP address and ban em if they abuse. That will keep the numbers down.

Alternatively, you don't use instant activation. Use quick activation, meaning you look through the accounts manually and check their website usage purposes before approving/rejecting them.

IP Blocking:
he may using dynamic IP also.

Quick Activation - Also give problem:
I will not be online and monitoring user account 24 hours a day.
When I activate the account and go away .They can do the proxy and leech script uploading and use the resources temprory and delete script before I monitor.

So this will also create a problem :classic2:

disable fopen.

Disable libcurl.

enable_safe mode too globally, and openbase_dir if you haven't.

disable fopen.
Yes ,good idea to block all file operation read/write. Thanks


Disable libcurl.
cool idea to block proxy. Trying Thanks


enable_safe mode too globally, and openbase_dir if you haven't.

safemode to globally .how to set globally (I heard their is 0(disable), 1(enable) ) are values for safemode

But each causing one application not to work.
Thanks for all your help. Rapidleech problem solved.

enabled safe_mode in the php.ini file, save it, restart the server.

I tried disabling fopen and safemode on and it didn't stop rapidleech.

Disabling fopen just gives warning but continues on his download process. Safemode on the other hand, I didn't see any features disabled in rapidleech while it was ON.

safe_mode should stop certain proxy scripts, fopen will instantly kill proxies anyway, or it should at least.., it'll also stop joomla being hosted too. Erm... let me look at the souce code of RL first, then I'll get back to you.
/edit:
It only takes the one function to break the rapidleech script, that would be, fgets()
disable the nearly all the typically abused f* functions, apart from fmod.

fopen
fgets
fwrite
fclose
fseek
fputs
flock

Though you only really need to ban fgets, if you still want people to be able to use fopen in a non-abusing way.

Install Mod_Security. It disables proxies as soon as they are uploaded - so even if they do upload it, it will just return a blank page when they try to use it. It turns of some sort of function.

I kept fopen enabled since there are a bit of many scripts that requires this function. What I just did is to disallow remote downloads of specific filetypes (zip, iso, torrent, mov, mpeg, xvid, you name it) via mod_security. Seems working pretty well. Most probably stop those rapidleech abusers.

Snort it :) - http://www.snort.org

Give it a keyword - say proxy/proxie/leech whatever - and monitor your traffic.

Or don't and explain why you don't have 24/7 monitoring if it's a big problem

in my opinion instant activation should be a privilege of paid accounts. Give freeloaders 2-3 days to be activated.

Are these PHP proxies? If so 99% of them have one weakness... they won't get blocked if you enable safe mode, so don't bother with that. However, they're still very easy to block.

Just disable the function "fsockopen" and "pfsockopen." Turning that off ALONE will wipe out a lot of PHP proxies and leech scripts. They use this function to make connections to the sites, not so much fopen or the others. Also, disable the cURL functions if you have them enabled. I guarantee it will make a world of difference.