Protecting against Neopets Cookie Grabber (CGer) Guide

Welcome to the in-depth guide to avoiding cookie grabbers. This page is based on background information about how they work, reverse engineering of various Neopets CGs, and first-hand research (plus losing 800k + trades along the way, but hey, it's priceless!!).

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets)
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get Firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
NOSCRIPT. This helps block malicious scripts from running.
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment)

FLASHBLOCK. This allows you to selectively load Adobe Flash Player objects. If you need Flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with Flash. Do not whitelist neopets, as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type). It's no use changing your password if every key you press is being sent to the "hacker".

ADBLOCK. It allows you to block ads... and other things (like CGs). See attachment for more info.

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first thing you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself: log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button in one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), then log back in and THEN change your password.

 

Attachments:
whitelist-neopets.gif (74.73 KB)
ablock-instructions.gif (43.8 KB)
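
The log-out advice in the guide above, modelled as an added example (not part of the original guide, and not Neopets' actual code). It assumes the site keeps a server-side session record keyed by the cookie value, which matches the behaviour the guide describes; `SessionStore` and the two scenario functions are hypothetical names.

```python
import secrets


class SessionStore:
    """Toy server-side session table: cookie value -> username (assumed model)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        token = secrets.token_hex(16)  # value the server sets as the session cookie
        self._sessions[token] = user
        return token

    def whoami(self, token):
        # The server only checks the cookie value, not which browser sent it.
        return self._sessions.get(token)

    def logout(self, token):
        # Logging out deletes the server-side record, so every copy of the cookie dies.
        self._sessions.pop(token, None)


def clear_cookies_scenario():
    """Victim only clears the local cookie jar; the server is never told."""
    server = SessionStore()
    victim_jar = {"session": server.login("victim")}
    copied = victim_jar["session"]   # constructed: a CG has copied the cookie value
    victim_jar.clear()               # local cleanup only
    return server.whoami(copied)     # the copy is still accepted


def logout_scenario():
    """Victim logs out, then logs back in as the guide recommends."""
    server = SessionStore()
    victim_jar = {"session": server.login("victim")}
    copied = victim_jar["session"]
    server.logout(victim_jar["session"])  # victim clicks "log out"
    new_token = server.login("victim")    # fresh login issues a new cookie value
    return server.whoami(copied), server.whoami(new_token), new_token != copied


if __name__ == "__main__":
    print("copied cookie after clearing cookies:", clear_cookies_scenario())
    print("copied / new cookie after logging out:", logout_scenario())
```
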

Anyone that's using the No Script add on for firefox having trouble with Facebook?

You need to allow all this page on facebook. At least that's what I do. :P But FYI adblock interferes with some apps. =/ We weren't born to follow ♥
Spare a CC vote please? :* http://www.neopets.com/games/caption_browse.phtml

Ahh ok. Well I already whitelisted fb. I still can't comment on peoples' status or my own.

[quote=saudor]Yeah seriously someone doesn't have a life lol. Anyways, word has it that these idiots are breaking into neopets fansites and getting the passwords that way, since people tend to use the same password everywhere. Or it could be that database issue. Rest assured though, the security imposed on neomallers is rock solid. Even if the database was broken into by any chance, the passwords are encrypted at a level that the encryption cannot be reversed. BUT, you should still use a unique word for this site too. I'll change the server's root password when I get home again. (I can't change it now since I don't know what my server password is. It's that complicated lol)[/quote]

Seriously doesn't have a life *lol* I figured you would have us all nice and protected :) I'm just not ready to worry about this crap every day again, but I am sure they will all start up full force so they can have a good stockpile of things to sell for cash before summer starts. You would think tnt had a few people whose jobs were nothing but watching for these sites and taking them down with legal threats. *unsure*

[quote=return_of_weatherbee]Ahh ok. Well I already whitelisted fb. I still can't comment on peoples' status or my own.[/quote]

If I remember right, the feed comes from its own address that you have to allow. If you click on your S in the bottom corner, it should tell you what is still blocked on the page.

There is no such thing as 100% security so it doesn't hurt to be careful :P But so far, every attempt has been stopped by the script though. I recently disabled images in forums as well, since it's possible to hotlink an image to some script and I have no idea how the browser might handle such a weird... well, handling of that "image file", so best to avoid it. The new sales history tracker is going to be a bit problematic though. But hopefully, I can set it up pretty nicely. At the very least, if CGs are going to be posted there, it'd only affect the person's own account, not everyone else's.
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more

Thanks for the help! Got it fixed.

Yes, I had everything pinned and they still got my pets and NPs. I have No Script as well. Apparently gmail may be the source, I really can't tell you what happened. I know I didn't go to any sites that are malicious. The only sites I went to were JN and sunny. If anyone has gmail associated with their acc, I would suggest changing it.

Every 2-3 days a new password? Is someone actually in the database now and can get what they want? What if I change my PW now and don't log in for a few days? Can they still get my account because they got PWs? --- Step outside, take a breath of fresh air, then look down to see if you have a new text message.
[color=Gray]Good Idea: Feeding stray kittens in the park. Bad Idea: Feeding stray kittens in the park... to a bear.[/color]

Ugh, this is the first time I've had this problem; I have my UL set up just how I want it but the filter tags won't let me keep it, I'm not good enough at coding to know what I'm doing (using a premade layout on top of another link that leads straight to a preferred link of mine, I don't want that messed up!), and they have the PW change on the same page as the UL coding. --- Step outside, take a breath of fresh air, then look down to see if you have a new text message.
[color=Gray]Good Idea: Feeding stray kittens in the park. Bad Idea: Feeding stray kittens in the park... to a bear.[/color]

[quote=davymuncher]Every 2-3 days a new password? Is someone actually in the database now and can get what they want? What if I change my PW now and don't log in for a few days? Can they still get my account because they got PWs? --- Step outside, take a breath of fresh air, then look down to see if you have a new text message.[/quote] It's been a couple days, anyone want to answer? --- Step outside, take a breath of fresh air, then look down to see if you have a new text message.
[color=Gray]Good Idea: Feeding stray kittens in the park. Bad Idea: Feeding stray kittens in the park... to a bear.[/color]
