Protecting against Neopets Cookie Grabber (CGer) Guide

Submitted by saudor on Sun, 17/05/2009 - 8:13am

Welcome to the in-depth guide to avoiding cookie grabbers. This page has been generated from background information of how it works, reverse engineering of various neo CGs and 1st hand research. (plus losing 800k + trades along the way, but hey, it's priceless!!)

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets)
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
"NOSCRIPT" This helps block malicious scripts from running. 
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment)

FLASHBLOCK This allows you to selectively load adobe flash player objects. If you need flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with flash. Do not whitelist neopets as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type) It's no use changing your password if every key you press is being sent to the "hacker"

ADBLOCK. It allows you to block ads... and other things (like CGs) See attachment for more info

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button of one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), and then log back in and THEN change your password

 

AttachmentSize
Image icon whitelist-neopets.gif74.73 KB
Image icon ablock-instructions.gif43.8 KB
Forums: 
Neopets Misc
  • 230801 reads

i've been on neopets for 2 years now... havent been CGed once
coolway1999 | Sun, 01/08/2010 - 4:07pm |

anyways i really hope that the CGers stop
coolway1999 | Sun, 01/08/2010 - 4:09pm |

[quote=coolway1999]anyways i really hope that the CGers stop [/quote] [color=grey]Don't we all! Ugh, I'm starting to think that the force TNT has on security knows no more than me about coding (And that's very little; I can only do stuff with a good tutorial... they might not even be able to do that *lol* .)[/color] --- [color=blue] From the land where Funny is a smell and Peachy is an emotion... [/color]
[color=Gray]Good Idea: Feeding stray kittens in the park. Bad Idea: Feeding stray kittens in the park... to a bear.[/color]
davymuncher | Wed, 04/08/2010 - 1:40pm |

Okay, some person posted a board saying they had 3 Pikepikes in their shop for 35k. Upon running their name in IE, I found this attempted javascript in thier lookup, as well as (as far as I can tell), a request from Neopets to 2o7.net I am a n00b with javascript, but it almost seems as if this code has been 'encrypted'. I use the term lightly, because what it seems to me, is that instead of using regular text, they used charcodes to represent coding, using the ascii values for the chars. I could be totally wrong, but I figured Id post this, as maybe one of you java swavy folks might know whats going on here: [font=Courier New] -------------------------------------------------------------- The STUFF - Mainly Codestones @ reasonable prices http://www.neopets.com/browseshop.phtml?owner=whispering_acara&misc [/font]
whispering_acara | Sun, 08/08/2010 - 2:44am |

I think that's dead code. It wont run in firefox but it will probably run on internet explorer. Either way, requestpolicy blocks it. ----------------------------- [color=purple]Contrary to popular belief, the Irish and I are not married[/color]
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
saudor | Sun, 08/08/2010 - 5:39am |

Thanks. The only reason I caught this, was when I tried using the back button in FF, it would not take me back, the page was acting funny, and thats when I checked RP. FF > IE anyday :D EDIT - okay, so I have no clue if this is possible, but I just noticed that the same site (2o7.net) was blocked by RP, right on a board in the BD Chat?! Also, I didnt really follow through, because I am not sure if they are attention seekers, or the actual CGers, but there were two people in the boards, that seem to be confessing to getting into someones account and Green Uni Morphing the persons pets. Is it possible that CG injections can be inserted via the boards? [font=Courier New] -------------------------------------------------------------- The STUFF - Mainly Codestones @ reasonable prices http://www.neopets.com/browseshop.phtml?owner=whispering_acara&misc [/font]
whispering_acara | Sun, 08/08/2010 - 8:45am |

That 2o7.net is on other websites too. I noticed it on ebay as well. I believe it's some sort of ad. *googles it* Something to do with Adobe Reader *unsure*
Artemis | Sun, 08/08/2010 - 8:52am |

[color=gray]Wasn't there a period of time when CGers figured out a way to post malicious code on the boards, though it got fixed?[/color] --- [color=blue] From the land where Funny is a smell and Peachy is an emotion... [/color]
[color=Gray]Good Idea: Feeding stray kittens in the park. Bad Idea: Feeding stray kittens in the park... to a bear.[/color]
davymuncher | Sun, 08/08/2010 - 3:09pm |

yup
Supernoobz | Sun, 08/08/2010 - 3:14pm |

2o7.net is a tracking cookie site used by Adobe. You don't have to worry about your Neo cookie being stolen by them, but block it anyway :)
zixianna | Sun, 08/08/2010 - 3:36pm |

Pages