Banners injected in web pages at exit nodes TRHCourtney*

Freemor freemor at
Tue Jun 2 12:20:11 UTC 2009

On Tue, 2 Jun 2009 05:36:43 -0600
John Brooks <special at> wrote:

> Definitely abusive. Fortunately, because of how nearby most of the IPs
> are, Tor will treat them as family even if the operator neglected to,
> so it doesn't pose a risk to anonymity (other than the one outlying
> node, but even then it's a maximum of two), but this definitely looks
> like a badexit situation.
> Honestly, why does somebody run a tor node if they keep
> connection/session logs? Seems like an odd place to look for a
> paycheck.
>   - John Brooks
Might be worse then that.. at least for improperly configures clients..
there deos seem to be javascript injection:

<div id="floaterma9">
    <img src=""
style="display:none"></img> <script type='text/javascript'
    <style> body {
        margin: 0 0 0 0 !important;
    #Banner2 {
    #textme {

When I Followed
it had an interesting bit bit of code which linked to:
Which tries to load up SWF objects..
Haven't picked it all apart yet (still no coffee) but I'm guessing it's
either decloaking attempts or exploit attempts.

freemor at
freemor at

This e-mail has been digitally signed with GnuPG - ( )
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <>

More information about the tor-talk mailing list