Protecting against Neopets Cookie Grabber (CGer) Guide

Submitted by saudor on Sun, 17/05/2009 - 8:13am

Welcome to the in-depth guide to avoiding cookie grabbers. This page has been generated from background information of how it works, reverse engineering of various neo CGs and 1st hand research. (plus losing 800k + trades along the way, but hey, it's priceless!!)

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets)
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
"NOSCRIPT" This helps block malicious scripts from running. 
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment)

FLASHBLOCK This allows you to selectively load adobe flash player objects. If you need flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with flash. Do not whitelist neopets as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type) It's no use changing your password if every key you press is being sent to the "hacker"

ADBLOCK. It allows you to block ads... and other things (like CGs) See attachment for more info

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button of one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), and then log back in and THEN change your password

 

AttachmentSize
Image icon whitelist-neopets.gif74.73 KB
Image icon ablock-instructions.gif43.8 KB
Forums: 
Neopets Misc
  • 231141 reads

everyone should change their passwords now.
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
saudor | Thu, 11/03/2010 - 8:46am |

lovely *unsure*
perpette | Thu, 11/03/2010 - 9:06am |

Yeah seriously someone doesnt have a life lol Anyways word has it that these idiots are breaking into neopets fansites and getting the passwords that way since people tend to use the same password everywhere. Or it could be that database issue. Rest assured though, the security imposed on neomallers is rock solid. Even if the database was broken into by any chance, the passwords are encrypted at a level that the encryption cannot be reversed. BUT, you should still use an unique word for this site too I'll change the server's root password when i get home again. (I cant change it now since i dont know what my server password is. It's that complicated lol)
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
saudor | Thu, 11/03/2010 - 9:15am |

Ugh again? :K ___________ Kirsty aka "the sensitive one" Silverdragon siggy stealer Tasty tent seller
___________ Kirsty aka "the sensitive one" Silverdragon siggy stealer Tasty tent seller
kirsty_to_stay | Thu, 11/03/2010 - 9:22am |

Jen (misslegzz) from our UA board on Charter is one of the latest victims :( [hr] [url=http://www.neopets.com/browseshop.phtml?owner=inara60]Maps! Treasure, Laboratory & WC[/url]
[hr] [url=http://www.neopets.com/browseshop.phtml?owner=inara60]Lucky Treasure Maps![/url]
inara60 | Thu, 11/03/2010 - 10:08am |

logged into my e-mail and saw a lost-password attempt. thankfully the only place i use that password is neo and that neo-tied e-mail account. i changed my word anyways. --Manic http://www.neopets.com/browseshop.phtml?owner=tehubermanic
http://www.neopets.com/browseshop.phtml?owner=tehubermanic
tehubermanic | Thu, 11/03/2010 - 11:07am |

I jsut randomly got signed out from my account like...5minutes ago. Immediately noticed and changed my password and put all my NPs in the bank (everything has a pin (: ) Do you think I have a lot of reason to be worried and what should I do about it?
pandacat838 | Thu, 11/03/2010 - 1:43pm |

Thanks for posting this Dmitri. Was it another hacker that got into neo?
return_of_weatherbee | Thu, 11/03/2010 - 3:46pm |

PINs aren't doing anything apparently.
angel_shortcake | Thu, 11/03/2010 - 4:11pm |

Thanks for the update.
slaygal_of_sunnydale | Thu, 11/03/2010 - 5:13pm |

Pages