Protecting against Neopets Cookie Grabber (CGer) Guide

Submitted by saudor on Sun, 17/05/2009 - 8:13am

Welcome to the in-depth guide to avoiding cookie grabbers. This page has been generated from background information of how it works, reverse engineering of various neo CGs and 1st hand research. (plus losing 800k + trades along the way, but hey, it's priceless!!)

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets)
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
"NOSCRIPT" This helps block malicious scripts from running. 
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment)

FLASHBLOCK This allows you to selectively load adobe flash player objects. If you need flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with flash. Do not whitelist neopets as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type) It's no use changing your password if every key you press is being sent to the "hacker"

ADBLOCK. It allows you to block ads... and other things (like CGs) See attachment for more info

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button of one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), and then log back in and THEN change your password

 

AttachmentSize
Image icon whitelist-neopets.gif74.73 KB
Image icon ablock-instructions.gif43.8 KB
Forums: 
Neopets Misc
  • 231341 reads

[quote=gothsunprincess][quote]Does anyone know any tips on how to stay safe on IE8?[/quote] Umm. Switch to firefox? Sorry, I just really hate IE. =/[/quote] lol good answer :P For some reason, I don't like firefox. I quite like chrome, but its just so hard to kick my old habit of clicking IE when I want to use the internet :P
killercars5000 | Sun, 17/05/2009 - 12:55pm |

[quote=Dennis_Anderson]I was oddly logged out once last week and I signed back on and immediately changed my password and made sure the email hadn't changed. I chance my word at least once a week and anytime I snipe something or any time I get that feeling in my gut. I tried NoScript is annoyed the tar out of me.[/quote] I change my password a lot too, especially after a really good snipe.
melaka | Sun, 17/05/2009 - 1:17pm |

Since I got frozen, and watched Nicole and Amber go through it too, I change my password daily now.
[hr] [url=http://www.neopets.com/browseshop.phtml?owner=inara60]Lucky Treasure Maps![/url]
inara60 | Sun, 17/05/2009 - 1:30pm |

IE is the fastest way to get viruses, spyware, cookie grabbed etc. There's a bunch of cookie grabbers that actually dont run on firefox but runs perfectly on IE.
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
saudor | Sun, 17/05/2009 - 2:02pm |

Whoa. I didn't know an information like this was posted. Eek, I shouldn't just look at the active topics. You're in for a surprise. Your wish has just been granted! http://www.neopets.com/browseshop.phtml?owner=1434sweet Do you need more shop sales? Come participate in a 4 million shop advertisement! Check my neopet's page for more details.
WOW! Selling: Maps, Neggs, Stamps, Coins, Cards, ETC! http://www.neopets.com/browseshop.phtml?owner=1434sweet#p
1434neopets | Wed, 10/06/2009 - 10:04am |

Now this is odd. Since I have no account, i decided to snoop those idiotic pages using a very special browser. It's a fake login page that's almost identical to the real one, except the information you put in gets sent to the idiot instead. However, there was no CG script/flash exploit unless they're using php to do it, which means noscript and flashblock wont help if you were to accidentally click those links (you would have to immediately log out instead)
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
saudor | Mon, 15/06/2009 - 4:37am |

Another heads up.. People have been doing the fake login thing with tarla alerts and what not. Look before you click! -godofwrath33
-godofwrath33
Lost | Mon, 15/06/2009 - 5:08am |

I am so scared of this stuff... isn't neopets supposed to be about having fun? I thought it was just a game. I hate scammers ugg....
ugg | Mon, 15/06/2009 - 7:05am |

Updated and also linked from "neopets guides"
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
saudor | Mon, 29/06/2009 - 2:58pm |

It's sad that this is still going on so frequently. I remember this being a huge fear of mine THREE years ago, before I quit. That actually being a huge factor of why I had quit for that time. Thanks for the tips!
[url=http://www.neopets.com/browseshop.phtml?owner=ivonne271]Battledome Weapons, Shields and Cures![/url]
ivonne271 | Mon, 29/06/2009 - 3:54pm |

Pages