Protecting against Neopets Cookie Grabber (CGer) Guide

Welcome to the in-depth guide to avoiding cookie grabbers. This page is based on background information on how they work, reverse engineering of various neo CGs, and first-hand research (plus losing 800k + trades along the way, but hey, it's priceless!!).

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets)
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get Firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons

NOSCRIPT. This helps block malicious scripts from running. Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment).

FLASHBLOCK. This allows you to selectively load Adobe Flash Player objects. If you need Flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with Flash. Do not whitelist neopets, as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type). It's no use changing your password if every key you press is being sent to the "hacker".

ADBLOCK. It allows you to block ads... and other things (like CGs). See attachment for more info.

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first thing you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button in one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), then log back in, and THEN change your password.

 

Attachments:
whitelist-neopets.gif (74.73 KB)
ablock-instructions.gif (43.8 KB)
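Why logging out works and clearing cookies does not, as an added example that is not part of the original guide and is not Neopets' code. It is a toy model of a server-side session table; the class and function names are hypothetical, and the rule that logout ends every session of the account is an assumption taken from the two-browser test described above.

```python
import secrets

class Server:
    """Toy session table (constructed model, not Neopets' real code)."""
    def __init__(self):
        self.passwords = {}   # user -> password
        self.sessions = {}    # cookie value -> user

    def login(self, user, password):
        if self.passwords.get(user) != password:
            return None
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie

    def whoami(self, cookie):
        return self.sessions.get(cookie)

    def logout(self, cookie):
        # Assumption taken from the guide's two-browser test: logging out
        # ends every session of the account, not only this browser's.
        user = self.sessions.get(cookie)
        for c in [c for c, u in self.sessions.items() if u == user]:
            del self.sessions[c]

def stolen_cookie_still_works(response):
    """Return True if a copied cookie is still accepted after `response`."""
    server = Server()
    server.passwords["victim"] = "constructed-password"
    browser_cookie = server.login("victim", "constructed-password")
    copied = browser_cookie              # the value a cookie grabber obtained
    if response == "clear_cookies":
        browser_cookie = None            # local only: the server is never told
    elif response == "logout":
        server.logout(browser_cookie)    # server deletes the session
        browser_cookie = None
    elif response == "clear_then_relogin_and_logout":
        browser_cookie = server.login("victim", "constructed-password")
        server.logout(browser_cookie)
    return server.whoami(copied) == "victim"

if __name__ == "__main__":
    for r in ("clear_cookies", "logout", "clear_then_relogin_and_logout"):
        print(f"{r:32s} copied cookie still valid: {stolen_cookie_still_works(r)}")
```

In this model, someone who already cleared their cookies can still kill the copied session by logging back in and logging out.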

Okay I have been a member of this site for almost a year, sadly I have moved to N.C. and from a laptop to a dialup.. My pro name is lafever.. This is the problem, I moved and can't remember my user and password together so I open a new one with neomallers. I am worried because I received a junkmail from someone the other day asking to pay for my account with pay pal if I wasn't using it anymore... I expect this in my neopets email every once in awhile but I got this in my Junk on my hotmail account, including several other people... I think I got it 3 or 4 days ago and didn't think about it. Now I am nervous cause it's my hotmail not my Neo. I have the original I just want permission before I put it up. I think I should be concerned, but I am waiting for someone to say it. Thank you.

Feel free to post it. You can pretty much post anything here, within common sense of course
-----------------------------
Contrary to popular belief, the Irish and I are not married
-----------------------------
Protect your account http://www.neopets.com/~punchback_bob CG information & more

Oh I am full of common sense, yet I feel this is bad. How does a neo user get my hotmail junk even? I have used trade and what not, never got an e-mail. If I have I sure as heck didn't get it in my junk emails. I just want to know that my profile is okay and the others on this list are okay.

The user name is Saj J sent to my junk hotmail. I will not let go of all the names unless it is very dire. Am I really the only one? I thought this would be a big problem. Do you think my pro is okay?

You probably should so we're aware. What did the msg say?

By any chance, if you don't play neopets anymore, could I have your account? If you don't feel comfortable with that, I can buy it off you with real money and pay via paypal. Let me know This is not spam mail btw. If you want to talk about it, just reply. Even if your not interested, but just are curious as to how much Ill pay for the account, let me know.
--------------------------------------------------------------------------------
This was sent to 36 hotmail users before I got it. I use my account every day if not every other day

For the new CG in shops, before you buy, hover your mouse over the item and check the URL. I'll post a screenshot next time I find a CG shop. TIP: if the scrollbar on your browser is teeny tiny, warning sign. Scroll down and check to make sure. If you see two items in a row, better head out. There is no CG inside the shop itself. Just the link, so if you don't click, you're good. Feel free to share this file with your neofriends who don't go on neomallers: http://www.neopets.com/~punchback_bob

thanks dmitri :)

And report shops you actually see this in too. Is it good practice to report any shops where their images pop up an authentication box as well? I generally notice those sometimes looking through Huts.

Page updated with armoured negg info
