Hotel’s that offer free WiFi access generally get a thumbs-up from most travelers in that regard but it turns out that your destination could actually be making money from you while you are on their network.

During a recent stay at the Courtyard Marriot in Midtown Manhattan, web designer Justin Watt noticed something unusual when visiting his blog. At the top of the page was a strange dark colored bar that shouldn’t have been there. Watt said he wouldn’t have thought much of it except that his site had recently been hacked so he immediately decided to view the source.

Update: After this report become widespread during the weekend, Marriott responded on Monday saying it's stopping the use of the ad plug-in platform on two of its hotels where they were "not aware of the ad-serving practice."

What he found was some unfamiliar CSS and JavaScript that had been injected after the header tag, and it wasn’t happening on just his page. As it turns out, the hotel was inserting code into every website that he visited. The code would allow the hotel to serve ads to the client without their knowledge or the site creator’s permission.

The New York Times was able to independently verify Watt’s claims as well, noting the code was embedded on several sites including Reddit, GigaOM and TechMeme. It’s worth clarifying that the code wasn’t actually displaying ads but certainly had the capability to do so.

The code references a product called Revenue eXtraction Gateway which is a service that generates income for Internet access point owners. RG Nets, the company that created the service, says their system rewrites websites on-the-fly to include a banner ad.

The Courtyard Marriot was unable to be reached for comment and RG Nets’ automated answering system repeatedly hung up on calls from the Times.