Protecting against Neopets Cookie Grabber (CGer) Guide

saudor

Welcome to the in-depth guide to avoiding cookie grabbers. This page has been generated from background information of how it works, reverse engineering of various neo CGs and 1st hand research. (plus losing 800k + trades along the way, but hey, it's priceless!!)

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets)
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get Firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
"NOSCRIPT" This helps block malicious scripts from running. 
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment)

FLASHBLOCK This allows you to selectively load adobe flash player objects. If you need flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with flash. Do not whitelist neopets as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type). It's no use changing your password if every key you press is being sent to the "hacker".

ADBLOCK. It allows you to block ads... and other things (like CGs) See attachment for more info

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first thing you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button of one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), and then log back in and THEN change your password.

 

Attachments:
whitelist-neopets.gif (74.73 KB)
ablock-instructions.gif (43.8 KB)
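The difference between logging out and clearing cookies, as described in the post above, shown as an added example that is not part of the original post and is not Neopets' code. The `SessionStore` class, the account name and the rule that logout drops every session of the account are assumptions made to match the two-browser experiment the post describes.

```python
import secrets

class SessionStore:
    """Server-side session table (constructed model, not Neopets' real code)."""

    def __init__(self):
        self._sessions = {}  # session token -> account name

    def login(self, account):
        token = secrets.token_urlsafe(32)  # value sent to the browser as its cookie
        self._sessions[token] = account
        return token

    def whoami(self, token):
        """Return the account a cookie maps to, or None if the server rejects it."""
        return self._sessions.get(token)

    def logout(self, token):
        # Assumption: logging out drops every session of the account, which is
        # what the two-browser experiment in the post suggests.
        account = self._sessions.get(token)
        for t in [t for t, a in self._sessions.items() if a == account]:
            del self._sessions[t]


def stolen_cookie_after(victim_action):
    """Return what a copied cookie still maps to after the victim's reaction."""
    server = SessionStore()
    victim_cookie = server.login("victim")  # cookie in the victim's browser
    copied_cookie = victim_cookie           # identical value held somewhere else
    if victim_action == "logout":
        server.logout(victim_cookie)        # server forgets the session
    elif victim_action != "clear_cookies":
        raise ValueError(victim_action)
    # "clear_cookies" only empties the victim's own jar; the server is never told.
    return server.whoami(copied_cookie)


def second_browser_after_logout():
    """The post's experiment: two logins, log out of one, check the other."""
    server = SessionStore()
    first, second = server.login("victim"), server.login("victim")
    server.logout(first)
    return server.whoami(second)


if __name__ == "__main__":
    for action in ("clear_cookies", "logout"):
        print(action, "->", stolen_cookie_after(action))
    print("second browser ->", second_browser_after_logout())
```
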
saudor
RECENT UPDATES - March 11th, 2010

It appears that accounts that have not been logged in are getting broken into. Thus it is possible that the neopets DB could have been accessed, etc. Thus it is best to change this password every so often.

FAN SITES: make sure your neopets/email account password is DIFFERENT from the passwords you use at fan sites.

To block neopets ads, follow the instructions here: http://www.neopets.com/~saudor#adblock

For tips on blocking XSS exploits, please scroll above.
-----------------------------
Protect your account http://www.neopets.com/~punchback_bob CG information & more
Pip
Thanks for the heads up Dmitri! Very good advice because I have some kind of awful virus/worm/trojan thing on my computer. The day I got infected I had only been to neopets, a few neohelp sites, and Cnn.com. I don't want to make any assumptions but I think it came from a help website, avoid ones unless they're known to be safe o-o
Spare a CC vote please? :* http://www.neopets.com/games/caption_browse.phtml
Nicann4
Ugh I still have nightmares about when I was CG'd
gothsunprincess
Ditto Nicole. Thanks for posting Dmitri.
neogery
What in the world are TNT doing not fixing this??? It's beyond my comprehension :( Thanks for the tips, Dmitri!
Sophie703
Thanks for the tips. :)
_jaspeh_
I think it's truly horrible that this has been going on for about 9 months now? (maybe longer, who knows, but about 9 months since it's been a huge problem) When it first started happening, I thought for sure it'd be fixed in a week or two, maybe a month 'cause TNT are slow. I wasn't buying from shops or anything 'cause I was so worried... but now it's like you just have to hope you won't get CG'd 'cause as mallers, we all use the SSW daily! We can't avoid it. And it's just totally ridiculous that TNT haven't fixed such a major security issue like this =(
Training, Luck & Medicine! ^_^ www.neopets.com/browseshop.phtml?owner=_jaspeh_&misc#c
Dennis_Anderson
I was oddly logged out once last week and I signed back on and immediately changed my password and made sure the email hadn't changed. I change my word at least once a week and anytime I snipe something or any time I get that feeling in my gut. I tried NoScript; it annoyed the tar out of me.
killercars5000
Thx for the tips Dmitri. I didn't know you could get CG'd just by being on neopets o.0 *is more paranoid than ever*. Does anyone know any tips on how to stay safe on IE8?
gothsunprincess
[quote]Does anyone know any tips on how to stay safe on IE8?[/quote]
Umm. Switch to Firefox? Sorry, I just really hate IE. =/