Abuse Prevention


I am working for a VPN company. We have times where people will sign up for our service and then immediately start sending automated tweets and other nonsense. We try to immediately kick off these users from our service, however they do get through. I would like to do one of two things which proactively stomps out this kind of abuse:
1.) Receive a notice in email from twitter which says “At time XX:YY:ZZ GMT your IP A.B.C.D is approaching the threshold of being blocked” so that we can find out who was using twitter at that moment and deal with them before our other legitimate users of twitter get blocked from that IP as well.
2.) Please give some idea on what heuristics would be best in defining “what does a twitter abuser look like?” If it’s a certain number of connections per minute, or some particular pattern of behavior, we’d like to have some idea so we can try to identify abusers before they ruin it for the legit users.