Your safe.

The only exception that I recall is one bot (whose name escapes me) that uses a Java UA on very rare ocassions.

Don

As Wilderness said... 99.9% of the time it's a bot, or person up to no good. I've been banning the Java UA for years and haven't seen any ill effects.

I agree about being safe by banning them. The hundred or so I have encountered were all exploit seekers or sophisticated e-mail address harvesters.

Thanks people.

Much apprecated.

To be honest, as long as Google, Yahoo and MSN aren't likely to be affected, I'll take the risk of upsetting that .1% legitimate visitors. ;-)

If they are ignoring your robots.txt file like they ignored mine, ban them. I set up a script to automatically ban them based on IP address, not so much UA, but if they trigger the trap, then off with their bot-head.

To be honest, as long as Google, Yahoo and MSN aren't likely to be affected, I'll take the risk of upsetting that .1% legitimate visitors. ;-)

If you ever want to use the Google "Remove URL" tool, you need to be aware it uses a Java UA. If you are certain you will never use that tool you are OK, otherwise you might need to whitelist the relevant Google IPs.

Always good to know.

I manually review bots before banning them. And this time these bots must have ripped through most of my site in the two days it took me to notice them. I don't check the logs every day and this bunch seem to have systematically trawled every single directory and link they could find. Although they didn't fall for any of my robots.txt honeypot directories, so perhaps they respect the robots rule.

Ho hum. At least they won't be back hopefully.

... and for anyone interested, just impliment the following in your .htaccess:

RewriteCond %{HTTP_USER_AGENT} Java [NC,OR]

Seems to take care of any/all instances... I've used this line for years with no ill-effects... however you should use your own discretion when banning bots.