So far I have not tried mod_evasive, is it a good module to detect attacks coming via proxy as well?
It reacts per IP address, so if there's one of many people behind the same proxy or NAT device that fscks up, they all get blocked for the duration of DOSBlockingPeriod. Good suffer for the Bad.
I have found the step by step instructions to install it when I do a google search for "mod_evasive" and click on the second link. (It is not allowing me to post the link here) Can you please let me know if this looks ok and would work as a good solution?
They're all good as long as you pick the right values for your Apache-1 or 2 series config. Make sure you whitelist your management IP range. Then monitor and adjust. Do NOT block using Iptables firewall rules as stated on some sites unless you dump them in a temporary chain that gets cleaned up once so often.
In addition to this are there any additional utilities that might help?
I did menation looking for an anti-leech download thingie already. You could use filter user agents in the Apache config or use mod_security for that (setting another UA is easy). Or check out http://gentoo-wiki.com/HOWTO_Apache_...width_limiting
(no mod_limitipconn or mod_throttle for Apache-2). Or Iptables modules like recent and hashlimit. Or host the files on FTP and make the FTP daemon throttle or set a cap. Or maybe trade in your Apache for another webserver, like LiteSpeed which has built-in IP level throttling (though only the std ed is free). Or run Squid in front of the webserver so the proxy takes the hits.
BTW, what category files are we talking about? Warez, carding, pr0n, literature (ooh, naughty), what? ;-p