@martinus @leah Sorry, I wasn't being clear!
What I meant to point out is that at least within the UK you can make their action illegal by telling them (human-to-human) that their access to your servers is now unauthorised.
Usually, as you point out, the troublemaker goes away relatively soon anyway. But for persistent long-term repeat offenders it's a useful tool. I have used it with bad search spiders, SEO companies, and recently AI nonsense.
@EarthOrgUK @leah I live in Belgium and what you mention is a very interesting way to go or add to the toolkit. I'm not sure how our legislation is about this subject, but I guess there will be not too much. The governments here are quite apathic with new technologies, even backwards.
This is an interesting method to study.