Protecting against Neopets Cookie Grabber (CGer) Guide

Welcome to the in-depth guide to avoiding cookie grabbers. This page is based on background information about how they work, reverse engineering of various neo CGs and first-hand research (plus losing 800k + trades along the way, but hey, it's priceless!!).

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets).
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
NOSCRIPT. This helps block malicious scripts from running. Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment).

FLASHBLOCK. This allows you to selectively load Adobe Flash Player objects. If you need Flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with Flash. Do not whitelist neopets as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type). It's no use changing your password if every key you press is being sent to the "hacker".

ADBLOCK. It allows you to block ads... and other things (like CGs). See attachment for more info.

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first thing you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button of one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), then log back in and THEN change your password.

 

Attachments:
whitelist-neopets.gif (74.73 KB)
ablock-instructions.gif (43.8 KB)
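
Why logging out works where clearing cookies does not, as an added example (not part of the original guide and not Neopets code): a toy server-side session table in Python. All class and function names are hypothetical, and account-wide revocation on logout is an assumption taken from the two-browser experiment the guide describes.

```python
import secrets

class SessionServer:
    """Toy server-side session table (constructed model, not Neopets code)."""

    def __init__(self):
        self._sessions = {}  # session token -> username

    def login(self, username):
        token = secrets.token_hex(16)
        self._sessions[token] = username
        return token

    def whoami(self, token):
        # A request is authenticated only by a token the server still knows.
        return self._sessions.get(token)

    def logout(self, token):
        # Assumption: logging out revokes every session of that account,
        # which is what the two-browser experiment in the guide suggests.
        user = self._sessions.get(token)
        if user is not None:
            self._sessions = {t: u for t, u in self._sessions.items() if u != user}

def copied_cookie_still_works(response):
    """True if a copy of the session cookie is still accepted after the
    account owner reacts with `response`."""
    server = SessionServer()
    cookie_jar = {"session": server.login("owner")}
    copied = cookie_jar["session"]  # stands in for the cookie a CG took
    if response == "clear_cookies":
        cookie_jar.clear()  # local only: the server is never told
    elif response == "log_out":
        server.logout(cookie_jar.pop("session"))  # server forgets the token
    else:
        raise ValueError(f"unknown response: {response}")
    return server.whoami(copied) == "owner"

def second_browser_survives_logout():
    """The guide's experiment: log in from two browsers, log out of one."""
    server = SessionServer()
    first, second = server.login("owner"), server.login("owner")
    server.logout(first)
    return server.whoami(second) is not None

if __name__ == "__main__":
    for response in ("clear_cookies", "log_out"):
        print(response, "->", copied_cookie_still_works(response))
    print("second browser survives:", second_browser_survives_logout())
```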

I just wanted to let everyone know on this user name when I was looking for stock... when I entered the shop it said the owner of this shop has been frozen... so I logged out and changed password but this is the user name whitietitie_1

and just to update on this... even though it said they were frozen you can still see the name on the wiz... so be careful

This is neat for Mac users: hold down ~ and tab and a rectangle will appear around ALL links on that page.

I searched "Vo Codestone" in SSW and I got a cookie grabber. Didn't click it but I still cleared my cookies and changed my password, and then I get on, search "Vo Codestone" again and I go to the lowest different username and shop and it's another CG. Twice in a row. That's pretty bad and yet this is just going on over and over again. Be careful.

Come to Novi Pier Imports

http://www.neopets.com/browseshop.phtml?owner=cornstarch678&misc

Where Everyday is A Sale


[quote=Shawna_43]I just wanted to let everyone know on this user name when I was looking for stock... when I entered the shop it said the owner of this shop has been frozen... so I logged out and changed password but this is the user name whitietitie_1[/quote]
Yeah, I think they got frozen for their username...

There has been a lot of CG activity lately in the shops. IMO, it appears to be the same person that is doing it based on the coding and the way it is being done. I have reported many shops to neo and sent them samples of the code that is doing it. All of the accounts have been iced very quickly, but I don't think that's really helping since they appear to be stolen accounts that are being used to do this.

It is a pretty clever scheme that uses a url forwarding site and some inventive code to insert the link and disguise it to look like a real item in the shop. The coding has been getting more sophisticated all the time. I sure hope neo gets this sorted out soon and filters out the script code that does this. Until then, be very careful in non-neo shops. The way it is right now, you can't really tell that it is a CG until after you click on the item you think you are buying.

The only reason I haven't been 'grabbed' by this so far (at least I hope I haven't) is that the script that ultimately runs is not on neo and I have scripts blocked from other sites. The way this code is progressing, pretty soon the person will figure out how to get the url where the script runs on some commonly accessed site (like facebook) that people have scripts enabled. If that happens, I think a lot of users are going to be at risk. For now, I would disable all scripts and only enable them for the site you're on while you're on that site.

Also, be very careful about being presented with a fake login page. I have also seen that code inserted the same way the CG scripts are being inserted. If you suspect something has happened, log out of neo ASAP. Make sure when you log back into neo that it is on the real neo login page. Change your password and PINs as well to really be safe, but again, make sure you're doing it on the real neo site first!
- peter

I was trying to snipe codestones, forgetting about the whole CG issues going on at the moment and, surely enough, landed in a CG shop. Only realized my mistake after clicking the item (which is a very fast process when it comes to codestones, the lil' buggers go fast). I logged out, cleared my cookies, installed the key scrambler add-on and changed my password a couple of times in the process. Hopefully it will be enough =/. No more codestone sniping for me until this crap is resolved.
..::Cerbie's Sweets & Bakery::.. http://www.neopets.com/browseshop.phtml?owner=cerberus_neo

neomallers CG adblock subscription updated to include the new one today
-----------------------------
[color=purple]Contrary to popular belief, the Irish and I are not married[/color]
-----------------------------
[color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more

[quote=saudor]neomallers CG adblock subscription updated to include the new one today [/quote]
Can we subscribe to this and use it with the normal FF adblock.. If so where do we get it and how do you subscribe to it.. I have the Adblock but just use the normal filter list that comes with it.
EDIT*** NM I found it.. I just gotta read things closer in the first post

hi am new here
