Protecting against Neopets Cookie Grabber (CGer) Guide

Submitted by saudor on Sun, 17/05/2009 - 8:13am

Welcome to the in-depth guide to avoiding cookie grabbers. This page has been generated from background information of how it works, reverse engineering of various neo CGs and 1st hand research. (plus losing 800k + trades along the way, but hey, it's priceless!!)

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets)
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
"NOSCRIPT" This helps block malicious scripts from running. 
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment)

FLASHBLOCK This allows you to selectively load adobe flash player objects. If you need flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with flash. Do not whitelist neopets as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type) It's no use changing your password if every key you press is being sent to the "hacker"

ADBLOCK. It allows you to block ads... and other things (like CGs) See attachment for more info

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button of one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), and then log back in and THEN change your password

 

AttachmentSize
Image icon whitelist-neopets.gif74.73 KB
Image icon ablock-instructions.gif43.8 KB
Forums: 
Neopets Misc
  • 230770 reads

[quote=zixianna][quote=davymuncher]I don't get what they find enjoying about taking accounts just to get iced. [/quote] There are other profitable ways to hack Neopets ~Abrar http://www.neopets.com/browseshop.phtml?owner=abrar1646&misc
abrar13 | Mon, 06/05/2013 - 4:29pm |

[quote=abrar13] There are other profitable ways to hack Neopets -_- less jackass ways =\ [/quote] Variety is the spice of life. Even for asshats. If I get carried away with the potty language here, just yell at me, it's a combination of being frustrated by Friday the 13th, and a swing in as far a direction as I can go from TNTs filters (which are one of my BIGGEST complaints about the site, the filters are RIDICULOUSLY bad...)
zixianna | Fri, 13/08/2010 - 2:05pm |

OK, I think people complain a bit too much about the filters. They're not that bad. Everything gets hacked. Get used to it. PS3 was suppose to be 'unhackable' and MacOSX was suppose to be 'virus-proof.' Now the PS3 is hackable and Macs have viruses. It just took a while for Apple to gain market share so that people actually even cared to create viruses. I use to play an online game where they made weekly updates so people's hacks wouldn't work. Usually, two hours after the game was updated, a new working hack was made and distributed publicly online. So compare that to Neopets. Even though Neopets has wayyy more hackers on it that the other game xD ~Abrar http://www.neopets.com/browseshop.phtml?owner=abrar1646&misc
abrar13 | Fri, 13/08/2010 - 2:21pm |

[quote=abrar13]OK, I think people complain a bit too much about the filters. They're not that bad. Everything gets hacked. Get used to it.[/quote] I'm talking about the Neoboard filters, not the HTML ones (thus why the statement was connected to me talking about my bad language on here, I usually don't swear so much, but certain things get my dander up *lol). Read my previous posts on PC security, you'll know I understand your second statement :P
zixianna | Fri, 13/08/2010 - 2:31pm |

Ohhh, OK xD Sorry. But you have noooo idea how badly flash is exploited on Neopets. And no, I'm not talking about CGs :P ~Abrar http://www.neopets.com/browseshop.phtml?owner=abrar1646&misc
abrar13 | Fri, 13/08/2010 - 3:09pm |

[quote=abrar13]Sorry. But you have noooo idea how badly flash is exploited on Neopets. And no, I'm not talking about CGs :P[/quote] I wouldn't say I have NO idea, because if I don't, then I'm REALLY curious :) I mean, I know all about auto score sending and speed hacks and memory editing and all that, but if there's more, and I'm sure there is, I probably DON'T want to know *lol*
zixianna | Fri, 13/08/2010 - 3:21pm |

[quote=zixianna][quote=abrar13]Sorry. But you have noooo idea how badly flash is exploited on Neopets. And no, I'm not talking about CGs :P[/quote] I wouldn't say I have NO idea, because if I don't, then I'm REALLY curious :) I mean, I know all about auto score sending and speed hacks and memory editing and all that, but if there's more, and I'm sure there is, I probably DON'T want to know *lol*[/quote] Sshhhh, dont talk about SSing $: You might tempt people ;) ~Abrar http://www.neopets.com/browseshop.phtml?owner=abrar1646&misc
abrar13 | Fri, 13/08/2010 - 3:25pm |

[quote=abrar13]Sshhhh, dont talk about SSing $: You might tempt people ;)[/quote] While that is at least not something that DIRECTLY hurts peoples accounts, it is still detrimental to everyone. It makes it harder for everyone to get high scores and trophies, it causes more inflation across the board, it reduces the NP Ratio of games (making it harder for players to actually EARN their NP by playing). So, while it's nowhere near as bad as hacking peoples accounts, it's still what I believe the scientific term for is a 'Dick Move'. If you're going to cheat, be creative and do it on your own, don't be a script kiddie. NOBODY respects a script kiddie. Not even other script kiddies. And then don't complain when you get Frozen *lol*
zixianna | Fri, 13/08/2010 - 3:31pm |

I don't understand a lot about CGs and how to know if you are at risk, but I have read many of the posts here to learn. Question: I use the shop Wizard a lot to restock and find bargains. If you are in a shop, make some purchases, and cannot return via the back button to the Wiz screen, are you in a shop that has a CG? I see this more often lately, but I just use the tool bar to select the Shop Wiz again and keep searching.
habit_of_mine | Fri, 13/08/2010 - 7:25pm |

This sounds unlikely, but as I have not seen a shop with this in it yet, I'll never say 100% ;) But no, the worst part about a CG shop is you will likely not notice ANYTHING strange. And while we have no official word, I have not heard of a single instance of anyone getting CG'ed in well over a week now? Follow the recommendations in the first post and on Dmitri's petpage there, and you should be fine.
zixianna | Fri, 13/08/2010 - 7:28pm |

Pages