Protecting against Neopets Cookie Grabber (CGer) Guide

Submitted by saudor on Sun, 17/05/2009 - 8:13am

Welcome to the in-depth guide to avoiding cookie grabbers. This page has been generated from background information of how it works, reverse engineering of various neo CGs and 1st hand research. (plus losing 800k + trades along the way, but hey, it's priceless!!)

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets)
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
"NOSCRIPT" This helps block malicious scripts from running. 
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment)

FLASHBLOCK This allows you to selectively load adobe flash player objects. If you need flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with flash. Do not whitelist neopets as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type) It's no use changing your password if every key you press is being sent to the "hacker"

ADBLOCK. It allows you to block ads... and other things (like CGs) See attachment for more info

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button of one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), and then log back in and THEN change your password

 

AttachmentSize
Image icon whitelist-neopets.gif74.73 KB
Image icon ablock-instructions.gif43.8 KB
Forums: 
Neopets Misc
  • 230761 reads

To be honest, anyone still using IE now needs shooting! Thanks Dmitri for putting that huge red warning link up there, hopefully more people will protect themselves now
___________ Kirsty aka "the sensitive one" Silverdragon siggy stealer Tasty tent seller
kirsty_to_stay | Thu, 02/07/2009 - 1:34am |

[quote=Dmitri][quote=perpette]Its probably everyone jumping to conclusions again.[/quote] Yeah probably but it doesnt hurt to be a little cautious i suppose[/quote] Doesnt hurt one bit ;) At least they aren't trying to blame you again lol Little banner and updates were a nice touch.
perpette | Thu, 02/07/2009 - 7:00am |

Thank you for all the help with this Dmitri, and thank you especially for providing pictures for us computer dummies :P
[hr] [url=http://www.neopets.com/browseshop.phtml?owner=inara60]Lucky Treasure Maps![/url]
inara60 | Thu, 02/07/2009 - 7:45am |

Updated again with a NEW CG. Very soon, I'll create a subscription on the neomallers server so your adblock can automatically add the CG urls as I add them to the database.
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
saudor | Thu, 02/07/2009 - 9:38am |

That would be a very good idea! Your an angel for tracking these down!
perpette | Thu, 02/07/2009 - 10:06am |

Added that one too, thank you Dmitri!
[hr] [url=http://www.neopets.com/browseshop.phtml?owner=inara60]Lucky Treasure Maps![/url]
inara60 | Thu, 02/07/2009 - 10:15am |

Why in the world do some people think Dmitri is mean? Thank you soo much for alerting us and helping us get the best protection possible. You're awesome :* .:| Paint Brushes |:. http://www.neopets.com/browseshop.phtml?owner=heartlessness_&banner
heartlessness_ | Thu, 02/07/2009 - 11:32am |

Well I am mean. But lolol @ at the newbs on charter who think I'm unclean and CGed everyone. Oh well. Kinda funny cause one member in my guild just got CG'd and came to ME for help on getting uniced AFTER spreading rumors on charter. Ya know, I lurk alot more than that ;) Seriously.
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
saudor | Thu, 02/07/2009 - 2:38pm |

I miss my charter access :( Annoyed me last time I lurked there and saw some people blaming you for it though! and wow that person has quite a nerve :O
___________ Kirsty aka "the sensitive one" Silverdragon siggy stealer Tasty tent seller
kirsty_to_stay | Thu, 02/07/2009 - 2:40pm |

Dmitri, does it have to be add block or does premium work?
------------------------------------------------------------------------------------------------------------- Go check out my battle, training, magic, and cures shop! http://www.neopets.com/browseshop.phtml?owner=hhh565
hhh565 | Sat, 04/07/2009 - 9:18am |

Pages