I don't block it but I log it just in case. I haven't seen it do anything really bad.

On the other hand, if it's a forged UA then it'll get blocked by other means.

eSobiSubscriber is supposed to be an RSS feed reader so technically harmless, but that may not apply to its user. :)

I've had problems w/ "eSobiSubscriber" users because either that or something else aboard the same computer(s) acted akin to a bookmark checker apparently every time the user booted their browser. But the pages hit were not RSS -- any page was fair game.

After one nearly non-stop eSobi-using hitter last Feb., I decided to redirect (to an e-mail/info page) any UA containing "eSobi". Four months later, I've yet to hear from a single eSobi person.

E.g., to a resource-intense CGI:

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; eSobiSubscriber 2.0.4.16; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)

02/02 00:57:10
02/02 02:08:43
02/02 03:05:09
02/02 04:37:32
02/02 07:27:08
02/02 15:22:24
02/03 01:37:34
02/03 01:57:31
02/03 14:18:38
02/04 00:19:02
02/04 01:56:10
02/04 03:05:29
02/05 00:46:08
02/05 01:39:52
02/05 03:40:22
02/05 12:37:20
02/06 01:00:41
02/06 01:42:45
02/06 13:30:05
02/07 01:33:19
02/07 02:45:53

It's not just an RSS tool.
See the last two explanations on this page [esobi.com]

A version of the software comes bundled with Acer PC's

This made me go hmmmm...

Save your entire search results with a simple click; allows you to log and retrieve the searches any time you wish.

Click and save valuable news articles to eSobi Library directly for further managing.

Would it be correct to assume that the application uses IE to retrieve data?

Does the UA change if a user with the desktop app installed is browsing a website the traditional way? i.e. how not to block unsuspecting visitors...

Thanks, Pfui, Wilderness. What a (not) useful site! No JS, no visible site. Or put it another way: hide everything to force JS so we can (maybe?) serve up nasties.

After turning on JS: it certainly explains why I sometimes get non-stop scrapes from them.

Now blocked with explanation and report form.

And removed the block again. Too many hits originating from google with an appearance (at least) of validity.

Still logging it to look for patterns and bad behaviour.

Thanks for testing the water for us all dstiles

You're welcome. :)

Something I noticed in some of the eSobi UAs was GTB/0.0; which I assume is either a dummy GTB or an alpha version. I noticed this on its own in other suspicious circumstances (eg missing/faulty headers or dodgy toolbars) but blocking it seemed, again, to result in rejecting possibly valid hits.

I was tempted to ban eSobi when it appeared with this GTB but am still wary of it; maybe later.

Mostly my reason for saying the hits were "valid" is that they originated from google with reasonable search terms that matched the target sites if not the pages (which with G is currently hit/miss anyway!).

I was close to blocking esobi as I was getting direct visits to a directory signup page with no referer or images/CSS. However, I've started to get clearly 100% genuine traffic with "eSobiSubscriber" in the UA (signing up and posting on a forum, Google referrals, etc.):

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.4; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; eSobiSubscriber 2.0.4.16; AskTB5.6)

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; eSobiSubscriber 2.0.4.16)

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; eSobiSubscriber 2.0.4.16; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Orange 8.0)"

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.5; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; eSobiSubscriber 2.0.4.16; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; Orange 8.0)

Thanks dstiles and encyclo - going to monitor this one for a while...

I was hoping that the 'clipping and saving' application would have a different signature from that of the browser. No such luck I guess.