Welcome ! edit account | X2 Profile: No X2 profile found | Site Theme: Summer14 | Account: Sign Up (FREE) User Login

Protecting against Neopets Cookie Grabber (CGer) Guide

345 replies [Last post]
saudor's picture
Offline
Site Admin
Joined: 10/06/2007

Welcome to the in-depth guide to avoiding cookie grabbers. This page has been generated from background information of how it works, reverse engineering of various neo CGs and 1st hand research. (plus losing 800k + trades along the way, but hey, it's priceless!!)

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets)
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
"NOSCRIPT" This helps block malicious scripts from running. 
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment)

FLASHBLOCK This allows you to selectively load adobe flash player objects. If you need flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with flash. Do not whitelist neopets as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type) It's no use changing your password if every key you press is being sent to the "hacker"

ADBLOCK. It allows you to block ads... and other things (like CGs) See attachment for more info

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button of one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), and then log back in and THEN change your password

 

-----------------------------
Protect your account
http://www.neopets.com/~punchback_bob
CG information & more

saudor's picture
Offline
Site Admin
Joined: 10/06/2007
RECENT UPDATES - March 11th, 2010 It appears that accounts that have not been logged in are getting broken into. Thus it is possible that the neopets DB could have been accessed, etc. Thus is it best to change this password every so often. FAN SITES make sure your neopets/email account password is DIFFERENT from the passwords you use at fan sites. To block neopets ads, follow the instructions here: http://www.neopets.com/~saudor#adblock For tips on blocking XSS exploits, please scroll above.

-----------------------------
Protect your account
http://www.neopets.com/~punchback_bob
CG information & more

Pip
Pip's picture
Offline
NT Archivist
Joined: 19/02/2009

Thanks for the heads up mean tree! Very good advice because

I have some kind of awful virus/worm/trojan thing on my computer. The day I got infected I had only been to neopets, a few neohelp sites, and Cnn.com.
I don't to make any assumptions but I think it came from a help website, avoid ones unless they're known to be safe o-o

Spare a CC vote please? kiss

http://www.neopets.com/games/caption_browse.phtml

Nicann4's picture
Offline
Master
Joined: 13/11/2007

Ugh I still have nightmares about when I was CG'd

gothsunprincess's picture
Offline
Retired Staff
Joined: 01/10/2007

Ditto Nicole. Thanks for posting mean tree.

neogery's picture
Offline
Dedicator
Joined: 20/03/2009

what in the world are TNT doing not fixing this??? its beyond my comprehension sad

thanks for the tips, mean tree!

Sophie703's picture
Offline
Dedicator
Joined: 28/12/2007

Thanks for the tips. happy

_jaspeh_'s picture
Offline
Exalted Member
Joined: 21/09/2007

I think its truely horrible that this has been going on for about 9 months now? (maybe longer, who knows, but about 9 months since its been a huge problem)
When it first started happening, I thought for sure it'd be fixed in a week or two, maybe a month cause TNT are slow. I wasnt buying from shops or anything cause I was so worried... but now its like you just have to hope you wont get CG'd cause as mallers, we all use the SSW daily! We cant avoid it. And its just totally ridiculous that TNT havent fixed such a major secuirty issue like this =(


Training, Luck & Medicine! ^_^
www.neopets.com/browseshop.phtml?owner=_jaspeh_&misc#c
Dennis_Anderson's picture
Offline
Master
Joined: 18/01/2009

I was oddly logged out once last week and I signed back on and immediately changed my password and made sure the email hadn't changed. I chance my word at least once a week and anytime I snipe something or any time I get that feeling in my gut. I tried NoScript is annoyed the tar out of me.

killercars5000's picture
Offline
NeoMallers Elite
Joined: 28/02/2009

Thx for the tips mean tree. I didn't know you could get CG'd just by being on neopets o.0 *is more paranoid then ever*. Does anyone know any tips on how to stay safe on IE8?

gothsunprincess's picture
Offline
Retired Staff
Joined: 01/10/2007

Quote:
Does anyone know any tips on how to stay safe on IE8?

Umm. Switch to firefox? Sorry, I just really hate IE. =/

NeoMallers is made possible through non-obtrusive google ads.
Please consider whitelisting your adblockers to help with costs. Thank you!