This assumes the NSA don't have a root CA they can use to man in the middle SSL - an assumption that seems unlikely, given other well-publicised breaches of CA's:
By blocking a Tor exit you do not block the Tor network, as new exits are created all the time. Also the person doing the abusive behaviour, can continue without restriction, but you then frustrate users in regimes that do not have free speech.
So if you know an abusive user came from a Tor exit node, support freedom and don't block it. Block the user.
You may be running a forum, or some other way users can post to a site. Consider that while you might block an abusive user, you are also blocking people in countries that do not have a first amendment and speech is an issue of life or death.
I have no choice: i block Tor exits by IP. Why? Scammers use Tor to pass country filtering...
One of our customer found out that his ip was in our fraud log because his exit was use by African/Eastern European scammers. He suddenly realised that Tor was not only a free speach vector but also a tool used to scammers. Also that in case of ip identification he would have to deal with the police...
He shut his exit down...
I'm curious: how do they block Tor users? I don't know much about Tor, but I thought that the whole point was that one Tor user should be indistinguishable from another and that they all should be indistinguishable from "normal" users.
This is actually something which the infographic gets wrong as well. At the very least the sysadmin at Site.com should have the line "Tor" when you're using Tor, and probably also the Lawyer and the Police (assuming that the sysadmin logs IP addresses for requests, which is not too uncommon).
Tor isn't indistinguishable from normal use, that's a big reason why they want as many people using it for everyday browsing as possible.
They are trying as much as possible to minimize the distinctiveness, currently making it very similar to https traffic, and with Obfsproxy recently introduced.
So they can know that you are using Tor if they try hard enough, but not what you are doing with it, which is the important part.
edit:
The previous comment was about what a state can determine about you. Websites can just download the list of exit nodes and block access from those IPs.
Everyone could be if they wanted, but obviously it makes it look like someone else's traffic came from your home, so only a good idea if you're prepared for dealing with any complaints that could arise from that.
SSL is essential for any site that requires logins to protect your username/password and session to protect it from being hijacked. Tor only needs to be used if anonymity is necessary.
http://www.pcworld.com/businesscenter/article/249510/trustwa...
http://www.schneier.com/blog/archives/2010/04/man-in-the-mid...
http://www.darkreading.com/authentication/167901072/security...
http://betanews.com/2010/03/25/has-ssl-become-pointless-rese...
http://lwn.net/Articles/372264/
http://blogs.cisco.com/security/black_hat_usa_2009_summary/
... etc