Protecting against Neopets Cookie Grabber (CGer) Guide

Welcome to the in-depth guide to avoiding cookie grabbers. This page has been generated from background information on how it works, reverse engineering of various neo CGs and first-hand research (plus losing 800k + trades along the way, but hey, it's priceless!!).

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets).
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get Firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
NOSCRIPT. This helps block malicious scripts from running.
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment).

FLASHBLOCK. This allows you to selectively load Adobe Flash Player objects. If you need Flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with Flash. Do not whitelist neopets as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type). It's no use changing your password if every key you press is being sent to the "hacker".

ADBLOCK. It allows you to block ads... and other things (like CGs). See attachment for more info.

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first thing you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button of one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), and then log back in and THEN change your password.

 

Attachments:
whitelist-neopets.gif (74.73 KB)
ablock-instructions.gif (43.8 KB)
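
The logout advice above, modelled as an added example (not code from the original post and not Neopets' real implementation): a hypothetical `SessionStore` keeps sessions server-side and shows why clearing cookies leaves a copied cookie valid while logging out kills it. The class and function names, and the behaviour that logout drops every session for the account, are assumptions based on the two-browser test the post describes.

```python
import secrets


class SessionStore:
    """Toy server-side session table (assumed model, not Neopets' real code)."""

    def __init__(self):
        self._sessions = {}  # session cookie value -> username

    def login(self, username):
        cookie = secrets.token_urlsafe(32)  # random value handed to the browser
        self._sessions[cookie] = username
        return cookie

    def whoami(self, cookie):
        # The server trusts whoever presents a cookie it still has on record.
        return self._sessions.get(cookie)

    def logout(self, cookie):
        # Assumption matching the two-browser test in the post: logging out
        # drops every session recorded for that account, not just this one.
        user = self._sessions.get(cookie)
        if user is not None:
            self._sessions = {c: u for c, u in self._sessions.items() if u != user}


def stolen_cookie_still_works(victim_action):
    """Return True if a copied cookie is still accepted after the victim acts."""
    server = SessionStore()
    browser_jar = {"session": server.login("victim")}  # constructed sample account
    stolen = browser_jar["session"]  # the copy a cookie grabber would hold

    if victim_action == "clear_cookies":
        browser_jar.clear()  # local only: the server is never told
    elif victim_action == "logout":
        server.logout(browser_jar.pop("session"))
    else:
        raise ValueError(f"unknown action: {victim_action}")
    return server.whoami(stolen) is not None


if __name__ == "__main__":
    for action in ("clear_cookies", "logout"):
        print(action, "-> stolen cookie still works:", stolen_cookie_still_works(action))
```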

thanks for the tips!!

heh i only use ie on here because, no offense, i don't log into any fan sites on the same browser as my neo account. so i'm glad you have formatting extras blocked here. but thanks for the tips.

How Do u Whitelist something and What is it?
Pm Me If U know about hacking programs plz it's urgent

Thank you for the warning Dmitri! The CG problem is seriously getting out of hand.

ahh... I am so scared =X Thanks for the tips=D

looks like the new cger or whatever uses some programming language I know nothing about (it's called eval) but I guess it has something to do with getting and interpreting data. I wandered into a shadyshop tonight on neo and poked around in their source code and found a couple of lines of coding that I knew didn't belong there, that contained a bunch of numbers and a reference to "eval". Dmitri, you probably have a pretty decent idea of how that thing works.
bête noire (bet-NWAHR) noun: An object or person that is particularly disliked or that is to be avoided

Not really - would have to see the source code to see what it does :P
----------------------------- Protect your account: http://www.neopets.com/~punchback_bob CG information & more

Ok so I was using ff but not the add-ons, I added them last night though ;) I'm just not going to shop for a while I don't think, I'll let my shop slip and rs only from the clothing shop if I have to!
___________ Kirsty aka "the sensitive one" Silverdragon siggy stealer Tasty tent seller

killercars5000 wrote: "Thx for the tips Dmitri. I didn't know you could get CG'd just by being on neopets o.0 *is more paranoid than ever*. Does anyone know any tips on how to stay safe on IE8?"
Only if you use Internet Explorer. You can still get Cged if you click an invisible link though.

eval is a function used in several programming styles, not the type of code itself. And there is probably the loophole they found to use.
