how to prevent being CGed?

[moreau360]

i was so called CG 2 mths back and lost everything that is valuable in my acct.since then after i've logged out i will go clear my cookies,cache etc.anyone care to explain how CG works?thks.

[stampsyne]

I HIGHLY recommend implementing the PIN number system to protect all areas of your account.

[moreau360]

I HIGHLY recommend implementing the PIN number system to protect all areas of your account.

well,apperently after i found out that someone was taking items out of my SDB and putting in trades,i implemented the PIN.it stopped them for a few hours but when i woke up in the morning,my acct had been frozen due to "someone hacking".when i got my acct back,i still lost all my items and nps despite the implementation of the PIN.

[patjade]

Did you change your password? Did you check and see if your email was changed? Perhaps the hacker managed to hack your email account? if so, they could then use it to get your password AND your PIN number.

[everconfused]

Did you change your password? Did you check and see if your email was changed? Perhaps the hacker managed to hack your email account? if so, they could then use it to get your password AND your PIN number.

If they were already in the account, and the PINs apparently weren't in place at the time, then the cg'er would easily have been able to change the email. So setting PIN after the fact would not help. And you can only change your email once every 24 hours (I think?).

I clear everything, it's set auto on FF which is what we mainly use here. However, if you've been (or think you've been) cg'ed, clearing cookies, etc. won't do anything - the person already has your info.

The only thing that *might* help is if you think anything's suspicious is to immediately go to your user info page and change your password, then if you like log out, clear and log in again. Usually, changing the password will kick anyone else out of your account -- but I have heard from a few people that that wasn't the case.

[stampsyne]

Yes, after the fact you should have SELF FROZE to prevent them from taking anything else. Then contacted TNT immediately.

[moreau360]

Did you change your password? Did you check and see if your email was changed? Perhaps the hacker managed to hack your email account? if so, they could then use it to get your password AND your PIN number.

well the moment i saw something suspicious,i went to change everything,password,email etc.all done within half an hour when i found out.

Edit:

Did you change your password? Did you check and see if your email was changed? Perhaps the hacker managed to hack your email account? if so, they could then use it to get your password AND your PIN number.

If they were already in the account, and the PINs apparently weren't in place at the time, then the cg'er would easily have been able to change the email. So setting PIN after the fact would not help. And you can only change your email once every 24 hours (I think?).

I clear everything, it's set auto on FF which is what we mainly use here. However, if you've been (or think you've been) cg'ed, clearing cookies, etc. won't do anything - the person already has your info.

The only thing that *might* help is if you think anything's suspicious is to immediately go to your user info page and change your password, then if you like log out, clear and log in again. Usually, changing the password will kick anyone else out of your account -- but I have heard from a few people that that wasn't the case.

well,i changed everything upon finding out.implemented the pin as well.and if i remembered correctly,that hacker even exhausted all 5 tries of the pin.cos when i tried to change the pin again it says i have exhausted my 5 tries.apparently the hacker is trying his luck with the pin.nevertheless the next morning he still got in....and took everything tat is valuable aka codestones,paintbrushes,morphling potions,neggs and my 8MILLION NEOPOINTS!


JasEdit: Do not double post. If you were the last to post and you want to add more, please use the "edit" button in the top right of each of your posts. Thank you.

[ollieoop3267]

yeah well i just got home and found my account frozen and im a bit upset about it... whoever hacked my account was supposedly cheating and from what TNT said was verbaly abusing some of my friends.... i had the pin and i did all the changing every other day to my pw and now im screwed

[Raza]

A cookie grabber is a bit of code in a webpage that uploads your neopets cookie (a cookie is the small file that websites send you to remember personal info, like settings and saved login info) to their server, ie 'grabs' it. The best way to stop it happening is to not visit neopets related sites that aren't either on neopets or some well known fansite like PPT. Or alternatively, you could browse neopets with a seperate browser entirely and not log in with the browser you do everything else with, so the cookie for neopets simply wouldn't exist when your browser is ordered to grab it.

I'm mostly speculating though. Never seen one in code and I couldn't tell you what they do exactly.

[everconfused]

A cookie grabber is a bit of code in a webpage that uploads your neopets cookie (a cookie is the small file that websites send you to remember personal info, like settings and saved login info) to their server, ie 'grabs' it. The best way to stop it happening is to not visit neopets related sites that aren't either on neopets or some well known fansite like PPT. Or alternatively, you could browse neopets with a seperate browser entirely and not log in with the browser you do everything else with, so the cookie for neopets simply wouldn't exist when your browser is ordered to grab it.

I'm mostly speculating though. Never seen one in code and I couldn't tell you what they do exactly.

It doesn't matter what browser you're using, people have been cg'ed with javascript disabled, and every other security thing they can think of (much smarter about this stuff than I'll ever be!).

The thing is, the cg'ing that is happening on the site is just that -- it's ON the site. In other words, Neo could be the only place you go using x browser, and you're good about keeping everything cleared when you log out, don't store passwords, run your a/v and spyware scans, have a firewall.

All it takes is going to a lookup or shop (usually, though there were apparently some on pet lookups and petpages) that has the cg'er on it. You're done. At that point, the only thing I think you can do is change your password quickly, log out, clear everything, log in again and what some have done is change their password again, as well as their PIN.

I don't know about what migh currently be going on (if anything) but some of the cg'ers were redirecting people to a blank page, then back to Neo in a few seconds. So, again, it's not a matter of you voluntarily leaving the site and going to another, unsafe site. This is done to you, not by you.

Yes, you can get grabbed by going to unsafe sites and anyone who does this sort of thing is beyond pathetic IMHO. Neo instituted the HTML filter check to help stop this stuff. Now, a question is does/can the filter work if someone hasn't tried to change or update a page? Current consensus of some users is No, obviously the filter can't do anything if information is already on a page.

I do understand from a staff member posting on a board that alot of legwork was done to try to find any cg'ers on the site. And I think they did a great job! Does that mean they found them all? No. Does that mean, even with the new filter that cg can't be put on a page? Probably not, given that some people seem to have nothing better to do with their time than think up ways to steal from others.

[moreau360]

A cookie grabber is a bit of code in a webpage that uploads your neopets cookie (a cookie is the small file that websites send you to remember personal info, like settings and saved login info) to their server, ie 'grabs' it. The best way to stop it happening is to not visit neopets related sites that aren't either on neopets or some well known fansite like PPT. Or alternatively, you could browse neopets with a seperate browser entirely and not log in with the browser you do everything else with, so the cookie for neopets simply wouldn't exist when your browser is ordered to grab it.

I'm mostly speculating though. Never seen one in code and I couldn't tell you what they do exactly.

It doesn't matter what browser you're using, people have been cg'ed with javascript disabled, and every other security thing they can think of (much smarter about this stuff than I'll ever be!).

The thing is, the cg'ing that is happening on the site is just that -- it's ON the site. In other words, Neo could be the only place you go using x browser, and you're good about keeping everything cleared when you log out, don't store passwords, run your a/v and spyware scans, have a firewall.

All it takes is going to a lookup or shop (usually, though there were apparently some on pet lookups and petpages) that has the cg'er on it. You're done. At that point, the only thing I think you can do is change your password quickly, log out, clear everything, log in again and what some have done is change their password again, as well as their PIN.

I don't know about what migh currently be going on (if anything) but some of the cg'ers were redirecting people to a blank page, then back to Neo in a few seconds. So, again, it's not a matter of you voluntarily leaving the site and going to another, unsafe site. This is done to you, not by you.

Yes, you can get grabbed by going to unsafe sites and anyone who does this sort of thing is beyond pathetic IMHO. Neo instituted the HTML filter check to help stop this stuff. Now, a question is does/can the filter work if someone hasn't tried to change or update a page? Current consensus of some users is No, obviously the filter can't do anything if information is already on a page.

I do understand from a staff member posting on a board that alot of legwork was done to try to find any cg'ers on the site. And I think they did a great job! Does that mean they found them all? No. Does that mean, even with the new filter that cg can't be put on a page? Probably not, given that some people seem to have nothing better to do with their time than think up ways to steal from others.

this is bad...does it mean i will get cged again?

[Raza]

this is bad...does it mean i will get cged again?

No, it's still somewhat unusual.


And Moreau, I didn't realise it was going on onsite. That changes most of that, although I'd figure that even if they can't filter stuff that's already there, they could definitely find it if they know what the code looks like. Any major onsite cookie grabbing would be the usual race between security and people looking to get around it.


Also, unless cookie grabbers also grab the cookies from major mail services like yahoo, hotmail and gmail, PIN should still work against them.

[dolphinling]

A cookie grabber is a bit of code in a webpage that uploads your neopets cookie (a cookie is the small file that websites send you to remember personal info, like settings and saved login info) to their server, ie 'grabs' it. The best way to stop it happening is to not visit neopets related sites that aren't either on neopets or some well known fansite like PPT. Or alternatively, you could browse neopets with a seperate browser entirely and not log in with the browser you do everything else with, so the cookie for neopets simply wouldn't exist when your browser is ordered to grab it.

No. Wrong. A cookie grabber can only work from neopets.com. Someone has to find a way to put their own code on the neopets website, because other sites cannot look at your neopets cookies. *

... some of the cg'ers were redirecting people to a blank page, then back to Neo in a few seconds. So, again, it's not a matter of you voluntarily leaving the site and going to another, unsafe site. This is done to you, not by you.

Right. And in fact, they were only making you leave the site in the first place because they were stupid. It's perfectly easy to make it so there's no indication at all that you've been cged.

Yes, you can get grabbed by going to unsafe sites

I've said it already but I want to really make it sink in: No, you CAN'T.

Neo instituted the HTML filter check to help stop this stuff. Now, a question is does/can the filter work if someone hasn't tried to change or update a page? Current consensus of some users is No, obviously the filter can't do anything if information is already on a page.

It could, but it doesn't. It would be perfectly easy for them to run the filter on all pages that already exist, but that would break old pages even if they weren't evil. (One of my petpages was that way, in fact.) They did, however, do other stuff to make sure there was no evil stuff that was already there, so any pages made before the new filter will be safe.

Does that mean, even with the new filter that cg can't be put on a page? Probably not, given that some people seem to have nothing better to do with their time than think up ways to steal from others.

Actually, the current filter should be able to protect against any new attempts very well. In the old filter, something they didn't even know about could be a problem. In the new filter, anything they don't know about is automatically blocked, and they have to have actually made a mistake with something they did know about for there to be a problem. So if there are any, there will be much fewer, and they will be much much harder to find.

The places where something might be found now are places that don't have the new filter system. Think of the original CG place: the SDB search form. Those still might have problems (none that are known now, though). The good thing about those, though, is that you can't be CGed by just going there, you have to click on a specific link. So to be careful, just look at a link before you click it, and if it looks suspicious, don't click it.


* The exception here is if you have a security hole in your web browser. That's why you should always keep your browser up to date. The current version of Firefox is 1.5.0.3. If you don't have it already, get it.