Protecting against Neopets Cookie Grabber (CGer) Guide

Submitted by saudor on Sun, 17/05/2009 - 8:13am

Welcome to the in-depth guide to avoiding cookie grabbers. This page has been generated from background information of how it works, reverse engineering of various neo CGs and 1st hand research. (plus losing 800k + trades along the way, but hey, it's priceless!!)

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets)
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here

Get firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
"NOSCRIPT" This helps block malicious scripts from running. 
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment)

FLASHBLOCK This allows you to selectively load adobe flash player objects. If you need flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with flash. Do not whitelist neopets as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type) It's no use changing your password if every key you press is being sent to the "hacker"

ADBLOCK. It allows you to block ads... and other things (like CGs) See attachment for more info

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button of one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), and then log back in and THEN change your password

 

AttachmentSize
Image icon whitelist-neopets.gif74.73 KB
Image icon ablock-instructions.gif43.8 KB
Forums: 
Neopets Misc
  • 230791 reads

so i supposed there're duped items going around? :o thanks for the heads-up dimitri :P
tatsulot | Sun, 19/06/2011 - 1:38am |

No. Thats just bait ----------------------------- [color=purple]Are you protected?[/color] http://www.neopets.com/~punchback_bob CG information & more
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
saudor | Sun, 19/06/2011 - 3:07am |

i see, ok thanks!
tatsulot | Sun, 19/06/2011 - 7:16am |

Oh Cookies I love cookies they are better put into your mouth then let them slowly go down to your belly. The taste better than leaving them on your computer lol I am selling Maps,Paintbrushes,Stamps,Coins,Training,Collectables & Morphing Potions in my shop. To get to my shop please press on the link below http://www.neopets.com/browseshop.phtml?owner=buy_swap_or_sell
I have 51 Pages of Wearable Items 4 Sale in my shop, you never know what Bargains you may find. I restock around 7 times a day. To get to my shop please press on the link below http://www.neopets.com/browseshop.phtml?owner=buy_swap_or_sell
Sales | Tue, 21/06/2011 - 8:33pm |

http://www.neopets.com/neoboards/topic.phtml?topic=14767613 Something new is going on. Quoting this from Charter: There's a cg petpage going around on the NC chat. Quote: About 20 mins ago I clicked on a petpage of person who made a board on the NC chat and I got a pop up asking for my word and mail address and other stuff I panicked and shut everything off, and did what everyone advices. The usual log out, in, change word etc. There where two other people on the board like me who clicked on the page. Some believe this was getting past no script. Look into it Dmeanie?
Artemis | Sun, 26/06/2011 - 5:29pm |

hmm the board is deleted. Are you sure it's not one of those neopet glitches? since sometimes the devs forget to take the files off their admin server and when they link to files on it directly, you get a username+password popup ----------------------------- [color=purple]Are you protected?[/color] http://www.neopets.com/~punchback_bob CG information & more
----------------------------- [color=purple]Protect your account[/color] http://www.neopets.com/~punchback_bob CG information & more
saudor | Sun, 26/06/2011 - 5:38pm |

I've never seen a glitch like that so I dunno.
Artemis | Mon, 27/06/2011 - 8:01pm |

I'm almost sure I encountered CG in the user shop. I found cheap codestone on the wiz that was gone when I got in that shop. Not unusual as they do sell fast, but I thought I saw something - like my screen briefly flashed or blinked. I checked the source code on this page - lots of weird javascript! I wasn't looking too close, but it didn't look like ads or analytics code. I immediately logged out, then logged back, changed pass and logged out again. I'm I safe now? Anyway I thought Neopets would filter out js in shop description :(
Lithops | Sat, 02/07/2011 - 1:04pm |

[color=Gray]Good Idea: Feeding stray kittens in the park.[/color] [color=Blue]I've seen that weird popup for login for access thing, on a game that was released but never unlocked, which was fixed a day later.[/color] [color=Gray]Bad Idea: Feeding stray kittens in the park... to a bear.[/color]
[color=Gray]Good Idea: Feeding stray kittens in the park. Bad Idea: Feeding stray kittens in the park... to a bear.[/color]
davymuncher | Sat, 09/07/2011 - 10:33am |

how do you know if youre being CG'ed??
mendax13 | Sun, 31/07/2011 - 9:12pm |

Pages