Protecting against Neopets Cookie Grabber (CGer) Guide

Welcome to the in-depth guide to avoiding cookie grabbers. This page is based on background information about how they work, reverse engineering of various Neo CGs, and first-hand research (plus losing 800k + trades along the way, but hey, it's priceless!!).

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on Neopets).
Opera users should use the userjs file called BlockScript. It's sorta complicated, but it's here

Get Firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
NOSCRIPT. This helps block malicious scripts from running.
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment).

FLASHBLOCK. This allows you to selectively load Adobe Flash Player objects. If you need Flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with Flash. Do not whitelist neopets, as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type). It's no use changing your password if every key you press is being sent to the "hacker".

ADBLOCK. It allows you to block ads... and other things (like CGs). See attachment for more info.

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first thing you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself: log into Neo in another browser. You will see that you can browse Neopets for a bit in both web browsers. Now click the log out button in one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the KeyScrambler add-on (if you can get it), then log back in, and THEN change your password.
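
Why logging out works and clearing cookies does not, as a small model (an added example, not part of the original guide and not Neopets' real code). The `SessionStore` class and all names are hypothetical, and the "log out ends every session of the account" behaviour is an assumption taken from the two-browser test described above.

```python
import secrets


class SessionStore:
    """Toy server-side session table (token -> user). Hypothetical model."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        token = secrets.token_hex(16)      # value the site sets as the session cookie
        self._sessions[token] = user
        return token

    def user_for(self, token):
        return self._sessions.get(token)   # None means "not logged in"

    def logout(self, token):
        # Assumption from the guide's two-browser test: logging out ends
        # every session of that account, not only the one that asked.
        user = self._sessions.get(token)
        if user is None:
            return
        self._sessions = {t: u for t, u in self._sessions.items() if u != user}


def stolen_cookie_still_works(victim_reaction):
    """Return True if a copied cookie is still accepted after the victim reacts."""
    site = SessionStore()
    victim_jar = {"session": site.login("victim")}   # the victim's browser
    stolen = victim_jar["session"]                   # copy taken by the grabber

    if victim_reaction == "clear_cookies":
        victim_jar.clear()                  # local only; the server is never told
    elif victim_reaction == "log_out":
        site.logout(victim_jar["session"])  # server forgets the session
        victim_jar.clear()
    else:
        raise ValueError(victim_reaction)

    return site.user_for(stolen) == "victim"


if __name__ == "__main__":
    for reaction in ("clear_cookies", "log_out"):
        print(reaction, "-> stolen cookie valid:", stolen_cookie_still_works(reaction))
```

Clearing cookies only empties the local jar, so the copied token stays valid on the server until a log out (or expiry) removes it there.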

 

Attachments:
whitelist-neopets.gif (74.73 KB)
ablock-instructions.gif (43.8 KB)

Thanks for the updates on the boards. I haven't been posting there for about a week now, so that should help a bit. It really is annoying to have to watch your own every move on Neo, but I'd rather be safe. So thanks to all who update this board.

I noticed that after downloading all the recommended things, I cannot play Bullseye because it acts as if the 'space bar' is stuck. Any way to fix this? =} Thanks!

I loaded some of the recommended add-ons. Well, like adon and no script. It may be a coincidence, but since I have loaded them, I am not able to go to the NC mall. I have unloaded these from my computer in an effort to see the NC mall again and that doesn't seem to have helped. I know that when you remove programs they are really only partially gone. Does anyone else have some insight on this and how to fix this error?
A Simple Thank You Goes a Long Way!

Hmm, I have all the add-ons downloaded and can see most of the NC mall except for my pet's picture. With the flash one, I think you can hit play and the flash item/game will appear.
Spare a CC vote please? :* http://www.neopets.com/games/caption_browse.phtml

I just got iced (and melted), most likely as a result of a CG. Most people here already know this, but if not, in addition to the recommendations about blocking CGs, you should make sure that you have PINs set up on everything and don't keep much NP out of bank or shop till. That way, even if someone does hack you, it's a lot less likely that they'll be able to do much damage. Also, it may be just me, but it appears that neo likes icing accounts that report SCAMs to neo. In my case, I reported the CG to neo and the account in question was frozen within an hour, but my account was also iced several days later when I'm pretty sure there was no active SCAM taking place. Pretty sad when the 'good guy' is the one getting iced. The same thing happened to me about a year ago when I reported a scam to neo. - peter

[quote=ugg]
[quote=seanaf]Correct me if I am wrong but Mac users can still get CGed under the right conditions. For example using internet explorer as a browser and such.[/quote]
Thanks for replying. I think I am safe from one type of CG'er since I don't use IE =D
[/quote]

Yes, Macs can get CGed. I was running Firefox on a MacBook when I got CGed. The script is being run in the browser, it's not native code. So the Mac (at least running Firefox) can get CGed just as easily as a PC. Use PINs on everything and don't keep much NP/items out of bank, shop till or SDB. - peter

Glad you're back bid_on_it3 :), thanks for the advice, I hope you didn't lose too much.

rofl Just got a webmail from "[email protected]". Said I posted my email address and it violated the rules. So please reply with my username, password and PIN. hahahaha wow that's funny :P Always heard about these, but never got one till now
[hr][size=11]Training, Luck & Medicine! ^_^ www.neopets.com/browseshop.phtml?owner=_jaspeh_&misc#c [/size]

Hi there; I really don't want to sound stupid in asking for some help and asking this, but I'm rather unsure of this whole CG situation. So here is my situation. I'm not really all that good with computers. I'm self-taught, and although I can do a lot more on my comp than the average individual, I'm not sure about this matter. I have been looking into it and reading anywhere and everywhere I can, but have not found any info that is helpful to me. I'm unable to download any browser on my comp other than IE. My comp crashes every time I do (just let me say trying to have FF has cost a few $$ with the Geek Squad coming and reformatting). Anyway, due to this problem I have had Spybot - Search & Destroy added to my comp as well as having Norton 360 added to my comp. Both have safeguards in them and supposedly protect my comp from all forms of external access of my comp and others accessing any info from it. I get a notification window if any access is detected by any program I haven't personally added to my safe list. (Hopefully someone has an answer for me, as this is the best place I found for info on this situation. Big comment and high points go out to you for it and your help / warning to everyone!) So my question is this: are Spybot - Search & Destroy and Norton 360 really protecting my comp, or at least helping protect my comp, from this CG problem, or am I just taking my Neo account into my own hands every time I access the site to browse and buy? Thank you to all who read my post. I look forward to any answers or thoughts that anyone may have on my situation. Thank you so much! ziggy

To _jaspeh_: the thing that surprises me more is how many users reply to that mail and send them their info. ziggy
