UA looks like a ripper, but network and behaviour do not
graeme_p
9:18 am on Feb 13, 2010 (gmt 0)
I get some traffic that sends a "rippers 0" user agent.
It mostly comes from corporate networks (especially investment banks) and government agencies. It does not usually request a lot of pages, so, despite the name, it does not look like a ripper.
Anyone know what is going on?
Pfui
4:42 am on Feb 14, 2010 (gmt 0)
When you search for "rippers 0", you'll find numerous mentions [google.com] here on WW and elsewhere about what it may be, ditto many iffy places from whence it comes.
Personally, I'd 403 it. If the name alone isn't enough of a red flag, the fact someone is using something atypical and/or joking and/or ignoring robots.txt, is enough for me to send the UA packing. And I'd also send the 'user' packing by blocking iffy Hosts/IPs and redirecting any apparently-legit ones.
Why so tough? Because there's no reason for anyone from anywhere to use 'ripper' anything (imho).
Alternatively, you could redirect the UA and Hosts/IPs to a special page with your e-mail address -- use a graphic; or reCAPTCHA.net's free Mailhide [mailhide.recaptcha.net] -- for access.
Note: If you opt for the latter route and use mod_rewrite, remember to !allow the special page and any graphic.
tangor
4:51 am on Feb 14, 2010 (gmt 0)
Like Pfui I am pretty simple and non-tolerant: That duck quacking suggests I protect bandwidth and associated costs with the boot. And (perhaps unlike Pfui, but I don't know this for a fact) I give the boot regardless of rDNS if I don't like the UA or the behavior. :)
Aside: Though on the commercial sites I am less restrictive but my hobby sites come out of my own pocket.
Realities of scale.
Pfui
5:34 am on Feb 14, 2010 (gmt 0)
I whitelist. So I reckon that makes me a fairly hard-core, pro-boot, bot-spotter. And/or incrediBill's female counterpart. (Just minus cursing because I'm a lady, dammit:)
tangor
6:18 am on Feb 14, 2010 (gmt 0)
If nobody else says it, we do know you are a lady and we are well blessed with your presence.
Thank you.
graeme_p
7:35 am on Feb 18, 2010 (gmt 0)
Alternatively, you could redirect the UA and Hosts/IPs to a special page with your e-mail address -- use a graphic; or reCAPTCHA.net's free Mailhide [mailhide.recaptcha.net] -- for access.
Thanks, that is a great suggestion.
This is a commercial not a hobby site, and the users come from exactly the sort of organisations I do not want to block, so I do not want a very hardcore approach to this, so a moderate approach like that is perfect.
blend27
11:59 pm on Feb 18, 2010 (gmt 0)
graeme_p, are these requests followed by normal UA requests from the same IP?
graeme_p
7:43 am on Feb 24, 2010 (gmt 0)
I have looked at the logs, and it appears that although statcounter claims the browser is "Rippers 0", the UA is IE7 with multiple versions of .NET CLR.
Looks like one of a Statcounter bug, an IE bug, or a .NET script of some kind.
graeme_p
9:02 am on Feb 24, 2010 (gmt 0)
@blend, any particular significance to that?
blend27
3:09 pm on Feb 24, 2010 (gmt 0)
Could be that the browser has some type of half-baked plugin installed that tries to follow the user around the web.
graeme_p
6:44 am on Mar 9, 2010 (gmt 0)
I have come to the conclusion that it is either a "half-baked" plugin as blend suggests, or something being done by corporate firewalls, so I am leaving well alone for the moment, and will implement Pfui's suggestion when I can.
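The check blend27 asks about (whether "rippers 0" requests are followed by normal-UA requests from the same IP), combined with the page-count observation from the first post, as an added example that is not part of the original thread. It assumes Apache combined log format and that the string appears in the logged User-Agent field; the sample log lines, the `summarize` helper and the 60-second window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [13/Feb/2010:09:01:00 +0000] "GET /report.html HTTP/1.1" 200 5120 "-" "rippers 0"
192.0.2.10 - - [13/Feb/2010:09:01:04 +0000] "GET /report.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)"
198.51.100.7 - - [13/Feb/2010:10:00:00 +0000] "GET /a.html HTTP/1.1" 200 900 "-" "rippers 0"
198.51.100.7 - - [13/Feb/2010:10:00:01 +0000] "GET /b.html HTTP/1.1" 200 900 "-" "rippers 0"
198.51.100.7 - - [13/Feb/2010:10:00:02 +0000] "GET /c.html HTTP/1.1" 200 900 "-" "rippers 0"
203.0.113.5 - - [13/Feb/2010:11:00:00 +0000] "GET /index.html HTTP/1.1" 200 700 "-" "Mozilla/5.0 (X11; Linux) Firefox/3.6"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def summarize(log_text, flagged="rippers 0", window=timedelta(seconds=60)):
    """Per IP that sent the flagged UA: hit count, distinct paths, and whether
    a request with a different UA arrived from the same IP within `window`."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing fields
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        by_ip[m["ip"]].append((ts, m["path"], m["ua"]))
    report = {}
    for ip, hits in by_ip.items():
        flagged_hits = [h for h in hits if flagged in h[2].lower()]
        if not flagged_hits:
            continue  # this IP never sent the flagged UA
        others = [h for h in hits if flagged not in h[2].lower()]
        # True when any other-UA request lands 0..window after a flagged one
        followed = any(timedelta(0) <= o[0] - f[0] <= window
                       for f in flagged_hits for o in others)
        report[ip] = {"flagged_hits": len(flagged_hits),
                      "distinct_paths": len({h[1] for h in flagged_hits}),
                      "followed_by_other_ua": followed}
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE_LOG).items():
        print(ip, row)
```

An IP with few flagged hits that are shadowed by an ordinary browser UA fits the plugin or corporate-proxy explanation; many distinct paths with no accompanying browser traffic looks more like an automated fetcher.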