Protecting against Neopets Cookie Grabber (CGer) Guide

347 posts / 0 new
Last post
saudor's picture
Last seen: 2 weeks 5 days ago
Joined: 10/06/2007 - 12:30pm
Protecting against Neopets Cookie Grabber (CGer) Guide

Welcome to the in-depth guide to avoiding cookie grabbers. This page has been generated from background information of how it works, reverse engineering of various neo CGs and 1st hand research. (plus losing 800k + trades along the way, but hey, it's priceless!!)


For the in-depth version, please see
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets)
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get firefox here:

Recommended Firefox Add-ons
"NOSCRIPT" This helps block malicious scripts from running. 
Don't forget to whitelist and any other sites that you trust (like (see attachment)

FLASHBLOCK This allows you to selectively load adobe flash player objects. If you need flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with flash. Do not whitelist neopets as one type of CG uses a redirection of to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type) It's no use changing your password if every key you press is being sent to the "hacker"

ADBLOCK. It allows you to block ads... and other things (like CGs) See attachment for more info

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.


Think you got CG'd?

If you THINK you were CG'd, the first you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button of one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), and then log back in and THEN change your password


Image icon whitelist-neopets.gif74.73 KB
Image icon ablock-instructions.gif43.8 KB
saudor's picture
Last seen: 2 weeks 5 days ago
Joined: 10/06/2007 - 12:30pm
RECENT UPDATES - March 11th, 2010 It appears that accounts that have not been logged in are getting broken into. Thus it is possible that the neopets DB could have been accessed, etc. Thus is it best to change this password every so often. FAN SITES make sure your neopets/email account password is DIFFERENT from the passwords you use at fan sites. To block neopets ads, follow the instructions here: For tips on blocking XSS exploits, please scroll above.

Protect your account
CG information & more

Pip's picture
Last seen: 9 years 1 day ago
Joined: 19/02/2009 - 5:36pm

Thanks for the heads up Dmitri! Very good advice because

I have some kind of awful virus/worm/trojan thing on my computer. The day I got infected I had only been to neopets, a few neohelp sites, and
I don't to make any assumptions but I think it came from a help website, avoid ones unless they're known to be safe o-o

Spare a CC vote please? Kiss 2

Nicann4's picture
Last seen: 8 years 11 months ago
Joined: 13/11/2007 - 7:47pm

Ugh I still have nightmares about when I was CG'd

gothsunprincess's picture
Last seen: 5 years 12 months ago
Joined: 01/10/2007 - 3:48pm

Ditto Nicole. Thanks for posting Dmitri.

neogery's picture
Last seen: 4 years 5 months ago
Joined: 20/03/2009 - 2:16am

what in the world are TNT doing not fixing this??? its beyond my comprehension Sad

thanks for the tips, Dmitri!

Sophie703's picture
Last seen: 4 years 8 months ago
Joined: 28/12/2007 - 8:56am

Thanks for the tips. Smile

_jaspeh_'s picture
Last seen: 8 years 5 months ago
Joined: 21/09/2007 - 8:27pm

I think its truely horrible that this has been going on for about 9 months now? (maybe longer, who knows, but about 9 months since its been a huge problem)
When it first started happening, I thought for sure it'd be fixed in a week or two, maybe a month cause TNT are slow. I wasnt buying from shops or anything cause I was so worried... but now its like you just have to hope you wont get CG'd cause as mallers, we all use the SSW daily! We cant avoid it. And its just totally ridiculous that TNT havent fixed such a major secuirty issue like this Sad

Training, Luck & Medicine! ^_^
Dennis_Anderson's picture
Last seen: 12 years 7 months ago
Joined: 18/01/2009 - 3:47pm

I was oddly logged out once last week and I signed back on and immediately changed my password and made sure the email hadn't changed. I chance my word at least once a week and anytime I snipe something or any time I get that feeling in my gut. I tried NoScript is annoyed the tar out of me.

killercars5000's picture
Last seen: 11 years 5 months ago
Joined: 28/02/2009 - 11:59am

Thx for the tips Dmitri. I didn't know you could get CG'd just by being on neopets o.0 *is more paranoid then ever*. Does anyone know any tips on how to stay safe on IE8?

gothsunprincess's picture
Last seen: 5 years 12 months ago
Joined: 01/10/2007 - 3:48pm

Does anyone know any tips on how to stay safe on IE8?

Umm. Switch to firefox? Sorry, I just really hate IE. =/