Protecting against Neopets Cookie Grabber (CGer) Guide

Welcome to the in-depth guide to avoiding cookie grabbers. This page was put together from background information on how cookie grabbers work, reverse engineering of various Neopets CGs, and first-hand research (plus losing 800k + trades along the way, but hey, it's priceless!!).

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on Neopets).
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get Firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
NOSCRIPT. This helps block malicious scripts from running.
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment).

FLASHBLOCK. This allows you to selectively load Adobe Flash Player objects. If you need Flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with Flash. Do not whitelist Neopets, as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type). It's no use changing your password if every key you press is being sent to the "hacker".

ADBLOCK. It allows you to block ads... and other things (like CGs). See attachment for more info.

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first thing you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into Neopets in another browser. You will see that you can browse Neopets for a bit in both web browsers. Now click the log out button in one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the KeyScrambler add-on (if you can get it), then log back in and THEN change your password.

 

Attachments:
whitelist-neopets.gif (74.73 KB)
ablock-instructions.gif (43.8 KB)
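
The log-out advice in the guide can be checked against a simple model of server-side sessions. This is an added example, not part of the original guide and not Neopets' code: SessionStore and stolen_cookie_still_works are hypothetical names, and it assumes the site keeps sessions on the server and that logging out revokes all of the account's sessions, as the two-browser test suggests.

```python
import secrets


class SessionStore:
    """Toy server-side session table (assumed model, not Neopets' code)."""

    def __init__(self):
        self._sessions = {}  # session id -> account name

    def login(self, account):
        sid = secrets.token_hex(16)
        self._sessions[sid] = account
        return sid  # value the browser stores as its session cookie

    def is_valid(self, sid):
        return sid in self._sessions

    def logout(self, sid):
        # Assumption: logging out revokes every session of the account,
        # which is what the two-browser test in the guide suggests.
        account = self._sessions.get(sid)
        if account is None:
            return
        for other in [s for s, a in self._sessions.items() if a == account]:
            del self._sessions[other]


def stolen_cookie_still_works(victim_action):
    """Return True if a copied session cookie is still accepted afterwards."""
    server = SessionStore()
    cookie_jar = {"session": server.login("constructed_account")}
    stolen_copy = cookie_jar["session"]  # the copy a cookie grabber obtained

    if victim_action == "clear_cookies":
        cookie_jar.clear()  # local only: the server is never told
    elif victim_action == "logout":
        server.logout(cookie_jar.pop("session"))  # server deletes the session
    return server.is_valid(stolen_copy)


if __name__ == "__main__":
    for action in ("nothing", "clear_cookies", "logout"):
        print(action, "-> stolen cookie accepted:",
              stolen_cookie_still_works(action))
```

Clearing cookies only empties the local jar, so the copied value keeps working until the server-side entry is deleted by a log out.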

Something's going on again ;_; My guild leader is iced and she changed her word this morning after losing items and now people are saying don't change your word o_O IDK what neo is coming to
Spare a CC vote please? :* http://www.neopets.com/games/caption_browse.phtml

Yeah, everyone is saying that they are intercepting pin number and password changes. I'm pretty worried. I changed my word about 3-4 days ago and forgot it the next day. I emailed my password to myself about 5 times & it never came. Eventually I remembered the password and checked to see if my email address had been changed. It had not! I just never got the mail - who knows where they went?!? Neopets is definitely not spam on my inbox as I've requested my password and such before.. very worrisome times indeed..
- Kara

Yep, I am taking a hiatus from neopets pretty much. I will still get on everyday and do my guild chores and throw my money from my shop till in the bank but other than that I am not going to do any restocking except from the neopian shops when I have time. This is getting ridiculous on neopets and until they acknowledge that they have issues with their security it is not going to get anything but worse and that is just a shame.

I mostly shop from neopian shops anyway. But when I look for hard to get items, I try to stick to well known neo players and only restock from them. This whole CG thing is annoying:(
http://www.neopets.com/browseshop.phtml?owner=atlantissix

This is silly. :c I've been completely oblivious to this whole CG situation until today. I just returned to Neo about a month ago, and I've done possibly everything that was told not to do in this board. I'm using IE 8, minimal virus/internet protections, and I restocked about 400 items from neopian shops. -facepalm- Also been visiting the boards quite frequently... But from the looks of it, I haven't been CG'd yet. I'm really concerned though. If you've been CG'd, do you see the effect immediately? Or does it take a while sometimes? @_@ -paranoid- Also, does anyone know if CGs work in China? One possibility that I haven't fallen victim could be that I'm on vacation in Beijing... Who knows what China's giant firewall could block? So far it's managed to screw up and not display about half the sites (including youtube ;A; ). My air conditioner also seems to be broken and I can't turn it off. It's getting really cold here. ;3;

I got CG'd! I logged-out, logged back in and changed my password -- is that right??? I know because I had about 12K out of the bank and took out 182,592 and then a second later I had 94,723 left. I had 99,869 taken in a flash! Grrrr! I have to turn off the encryption thingy to play a game and forgot to turn it back on! Dang it!!
_____________________________________________________
~ Mimi's Ménagerie Avatars ~ http://www.neopets.com/browseshop.phtml?owner=temps_bons&misc
~ Mimi ~ http://www.neopets.com/~Amyrilli

[quote=temps_bons]I got key grabbed! I logged-out, logged back in and changed my password -- is that right??? I know because I had about 12K out of the bank and took out 182,592 and then a second later I had 94,723 left. I had 99,869 taken in a flash! Grrrr! I have to turn off the encryption thingy to play a game and forgot to turn it back on! Dang it!! _____________________________________________________ ~ Mimi's Ménagerie Avatars ~ http://www.neopets.com/browseshop.phtml?owner=temps_bons&misc[/quote]
Wow sorry about the loss. Good luck rebuilding. D:

[quote=seanaf][quote=temps_bons]I got key grabbed! I logged-out, logged back in and changed my password -- is that right??? I know because I had about 12K out of the bank and took out 182,592 and then a second later I had 94,723 left. I had 99,869 taken in a flash! Grrrr! I have to turn off the encryption thingy to play a game and forgot to turn it back on! Dang it!! _____________________________________________________ ~ Mimi's Ménagerie Avatars ~ http://www.neopets.com/browseshop.phtml?owner=temps_bons&misc[/quote] Wow sorry about the loss. Good luck rebuilding. D:[/quote]
It's really not that much, I'm just glad I caught it before they cleaned me out! Thank you though for your kind words! :)
_____________________________________________________
~ Mimi's Ménagerie Avatars ~ http://www.neopets.com/browseshop.phtml?owner=temps_bons&misc
~ Mimi ~ http://www.neopets.com/~Amyrilli

Sure you didn't get hit by some sort of np hitting random event? As I can see no reason why a thief would only take some of what you had on hand. It would make more sense for them to take the lot (unless you were to have more than 800k on hand as this would then be a longer process) EDIT - never mind, checked your game scores myself and nothing fit, still seems super odd though. No matter what method they would be using to take the np they could quite easily have cleared everything you had on hand in a flash
___________ Kirsty aka "the sensitive one" Silverdragon siggy stealer Tasty tent seller

[quote=kirsty_to_stay]Sure you didn't get hit by some sort of np hitting random event? As I can see no reason why a thief would only take some of what you had on hand. It would make more sense for them to take the lot (unless you were to have more than 800k on hand as this would then be a longer process) EDIT - never mind, checked your game scores myself and nothing fit, still seems super odd though. No matter what method they would be using to take the np they could quite easily have cleared everything you had on hand in a flash[/quote]
I took the nps out of my account and then closed that window to go back to restocking. I was curious to see how much the total nps were so I refreshed the window I had been using to RS... Bam! I saw the total, looked at my premium portal to see that I had not imagined doing that then I logged-out immediately. I thought the same thing you did, "What in the world did they do to get 99K out so fast and why only that amount?" I guess they needed my pin number because that was the first time I put it in on that session I think (withdrawing from the bank). When I logged back in I looked for the Tax Beast and scanned the other games to see if I could figure it out. I am so glad Dmitri told us to log-out as soon as we noticed something. After I logged-out I turned the key scrambler back on (I am such an idiot) then logged back in and changed all security info. No more problems since.
_____________________________________________________
~ Mimi's Ménagerie Avatars ~ http://www.neopets.com/browseshop.phtml?owner=temps_bons&misc
~ Mimi ~ http://www.neopets.com/~Amyrilli
