I'm not exactly opposed to vigilantism in a case like this but I don't expect it would be very effective. I'm reminded of the little dutch boy plugging a hole in the dike with his finger. It's really far too easy to move to another server, IP, and or domain name.

The only real way to combat this kind of thing is with education.

The random data should be identical to valid data making it impossible to automatically parse out:

I think that's being optimistic. With IPs and datestamps, it would probably be pretty easy to separate the list into "probably real" and "probably not real" piles.

Sure I have reported it to Barclays but the server is in russia so they will not really be able to stop it. They probably don't care as their disclamer makes it THE CLIENTS problem.

I would guess they would care a great deal. The monies in the bank are probably insured against fraud up to some amount. Besides, banks make money by holding onto yours. They don't want to lose their customers' money to someone that will go put it in another bank, right? And, really, they don't want to lose your future business either. I would think that banks take a great deal of interest in this sort of thing.

I suppose I could ask one of my more dubious assocites to take the server down but that would probably hurt inoccent users as well.

I wouldn't worry about the other users. It is likely that there are no legitimate users of the machine or that the hosting provider is at least aware of the illegitmate users. But again, it's simply too easy for the perpetrators to move on, so I don't really see the point (except maybe to feel like you got a little revenge.)

-sauoq
"My two cents aren't worth a dime.";