Frozen without knowing why :(

[Nyssa]

Whoa, you're... really smart xD haha. (and now I sound really dumb).

 

Oh I thought that Neopets said in an editorial that blocking Java wasn't allowed. Weird though, because when firefox still worked for me, I blocked most of the ads and never had a problem.. maybe I was lucky.

 

Gah I always forget to change my password. I rarely ever change my password.. guess that'll have to change. I really hope I never get robbed again (I won't say hacked this time :P)

 

As for firefox not working; it's not just neopets. But it's hard for me to explain (because English isn't my native tongue); but I'll try: Basicly firefox is just really slow for me all of the sudden. My, umm, 'screens' freeze for a few seconds like every five minutes or so (not a clear pattern, just randomly). Not just on Neopets, but anywhere. So that makes it pretty impossible to play games and such (and it's REALLY annoying). Hrm maybe not THAT hard to explain..

 

Question; so if FF 'remembers' your PIN and password for you, that's not a cookie, right? Does that count for IE too? Because I know FF doesn't work with cookies, but IE dus. So will my password (and PIN) get stored on my PC as cookies or not? (just to be a 100% sure ;p)

[Shane for Wax]

Hm...that sounds like you have a case of a corrupt Firefox profile. You might try going onto the support forums. You should check your profile by going to Start-->Run--> %APPDATA%\Mozilla\Firefox\Profiles\

[Chanizilla]

I found no issues with Firefox remembering my password. I protect each account with a different one and use a different pin for each account as well. This is great for protecting. I store the information on my account on a separate locked external hard drive. I do it cause there is two of us in my family that use neopets and even though we live in different houses and all you never know.

 

I would say just make sure everything is pinned. And change your password every 6-8 weeks like corporate companies make you do. Use a combination of letters and numbers where the numbers are through out the password. This makes getting into your account nearly impossible for scammers and cgers!

[Nyssa]

Thanks :) will do.

 

I got back from TNT today! But this is what I got:

 

"Hello,

 

Your account was frozen due to one (or more) of the following three reasons: 1) You voluntarily gave your username and password to a password scamming page while attempting to gain neopoints or items; 2) You voluntarily gave your username and password away to a scammer over an instant messaging service or an email in an attempt to gain neopoints, items, trophies, or avatars; or 3) You attempted to download a cheat program that stole your username and password.

 

After the scammer got into your account, they used it to try to scam other users out of their hard-earned neopoints, items, and pets.

 

While we do try to return scammed accounts, we will NOT return accounts stolen while attempting to cheat. If this is the second time you have lost your account due to giving your information away, it will not be returned.

 

Again, we remind you NOT to give your password out to ANYONE for ANY reason and to keep your browsers updated. Also, giving out your instant message information is potentially very dangerous - which is why it is against our Terms & Conditions. Scammers can also steal your information that way.

 

If you have any other questions, don't forget to include the entire text of this e-mail with your username clearly at the top. This will help me better address your situation. "

 

Now I can assure you that I have done none of those things. I would NEVER EVER do that. Never. So how do I handle this? What should I say? :( gosh this sucks.

 

Edit: I tried the FF thing.. but it's just way too complicated for me to understand xD; i'm pretty happy with IE so far...... maybe I'll let my boyfriend take a look at it soon. Thanks for the suggestion :)

[antiaircraft]

Whoa, you're... really smart xD haha. (and now I sound really dumb).

My apologies, I tend to get carried away every now and again. :P

 

Oh I thought that Neopets said in an editorial that blocking Java wasn't allowed.

Java and JavaScript are completely different things. And ads are almost completely separate from those two as well (although most Neopets ads rely on JavaScript to load).

 

Java is a very heavy programming language with its own compiler system, runtime environments, etc. It can provide web integration in the form of a plugin to run embedded objects known as 'Java applets'. This system, quite frankly, sucks. It is unstable and ridiculously resource intensive. Neopets does not use Java, and kudos to them for that!

 

JavaScript is a light, efficient, extremely portable and adaptable programming language (it has its downsides, but let's not get into a programming language debate here). It is an integral part of the modern World Wide Web. Its lightness and various other characteristics allow it to be embedded in web pages or served in relatively small plain text files. To complement this, JavaScript interpreters are included as parts of almost all modern web browsers, making JavaScript the solution for client-side dynamic web content. JavaScript is used intensively on Neopets, TDN... just about any decent web service you can name really.

 

There is really no sane way you could expect somebody to gain an unfair advantage from blocking JavaScript or advertisements, except in time-critical refresh-heavy activities like restocking.

 

Gah I always forget to change my password. I rarely ever change my password.. guess that'll have to change. I really hope I never get robbed again (I won't say hacked this time :P)

I would say just make sure everything is pinned. And change your password every 6-8 weeks like corporate companies make you do. Use a combination of letters and numbers where the numbers are through out the password. This makes getting into your account nearly impossible for scammers and cgers!

Two things:

 

First, I'd actually recommend changing your password at least once a month for websites that are important to you. But then again, I'm a bit on the paranoid side. :P

 

Secondly, a well composed password (that's uppercase letters and lowercase letters and numbers and symbols) will not, in theory, help you to deal with scammers. Scammers work by tricking you into revealing your password (through fake login pages or whatever). They basically aim to exploit the weakest point in any security system: a careless user. If a user gives away his/her password, it doesn't matter how well made it is.

 

A tough password will help against crackers using dictionary attacks (since your password isn't in the dictionary) to try and guess your password. It will also help against CGers. This is because Neopets doesn't actually store your password in cookies, but rather an encrypted version of your password known as a 'hash'. The simpler your password is, the easier it is for CGers to reverse the hash and find your actual password, and vice versa.

 

Xepha pointed out our article on password security earlier in this topic, and I'd recommend reading it when you're bored or in the mood for going through a lot of text. xD

 

As for firefox not working; it's not just neopets. But it's hard for me to explain (because English isn't my native tongue); but I'll try: Basicly firefox is just really slow for me all of the sudden. My, umm, 'screens' freeze for a few seconds like every five minutes or so (not a clear pattern, just randomly). Not just on Neopets, but anywhere. So that makes it pretty impossible to play games and such (and it's REALLY annoying). Hrm maybe not THAT hard to explain..

Hm...that sounds like you have a case of a corrupt Firefox profile. You might try going onto the support forums. You should check your profile by going to Start-->Run--> %APPDATA%\Mozilla\Firefox\Profiles\

To be more specific, it sounds like you have a misbehaving add-on or plugin. Have you tried running Firefox in Safe Mode (Start > All Programs > Mozilla Firefox > Mozilla Firefox (Safe Mode) on Windows XP)?

 

And for your reference, the Firefox support site is located here (there's a language selection box near the bottom right if you need it).

 

Question; so if FF 'remembers' your PIN and password for you, that's not a cookie, right? Does that count for IE too? Because I know FF doesn't work with cookies, but IE dus. So will my password (and PIN) get stored on my PC as cookies or not? (just to be a 100% sure ;p)

Actually, Fx does work with cookies. Almost all web browsers do, even really old ones. It's one of the most basic web technologies out there. :yes:

 

Cookies are bits of information that a website stores on your computer (via your web browser). Whenever you visit that website, the cookies it has stored are sent back to it by your browser automatically. This makes cookies one of the best ways for a website to see who you're logged in as (it stores your username and your password hash as cookies, and it can read them when you visit it).

 

But the answer to your question is yes. When Firefox remembers a password for you, that has very little to do with the website and nothing to do with cookies. You're basically telling it: 'Store this password somewhere for me. Next time I visit this website, I want you to fill in the password boxes with it so I don't have to type it.' The password isn't sent automatically, it's just filled in. You send it when you hit submit on a login form or whatever.

 

Uh... yeah. I hope that answered all your questions. (:

 

Edit: You ninja-ed me while I was writing my looong reply. xD Well, it seems they're looking at your case at least, which is a good thing. What you should probably do is write back to them (I think you're supposed to use the contact form to do this) and explain that you were indeed not trying to cheat when your account was stolen. I'm not absolutely sure though - TNT isn't very fond of admitting that people can slip CGers through their defences. :sad01_anim:

[Nyssa]

Wow (again). Did you study computer science? Nevermind, I see you're studying Robotic Engineering ;p. But that has to do with computer science, right?

 

Yeah the editorial was about restocking, but I figured that it was just a general rule for everybody. I'm always paranoid about getting frozen (how ironic), so I try to avoid it as much as possible xD; if I read 'don't block java/java script", I won't. Haha.

 

Well I'm pretty paranoid right now too, so I'll definitely change my password each month xD; and I'll make it a harder one.

 

You know, I actually tried FF again this morning and it was working fine to my surprise. Maybe it was just temporary, idk. (I feel kinda stupid now though, everybody's going waaay overboard with solutions and what I should do... it's really sweet, thanks)

 

Okay, so far I have this, but I'm kinda stuck.. I don't know what to say. Can someone please help?

 

Good day,

 

First, thank you for the quick reply.

 

However, I did not voluntarily (or at all) give my password out to anyone. I have been playing Neopets for years now and I've learned the hard way in the past that you can't trust anybody but yourself with your password. I also know that people who promise NeoPoints/items/anything are usually scammers.

 

And to be honest, I didn't even know cheating programmes existed, so I most definitely didn't do that either. I really did not (try to) cheat. I enjoy Neopets a lot.

 

(PS. To their defense; I could've easily been CG'd on a different website, right? Maybe one ABOUT neopets? Or is JUST on Neopets?)

[Shane for Wax]

Just a little tidbit, if you're going to change your password try not to use a password from 2 months ago. Especially if you changed your password because you felt your account may have been compromised. But I don't have to say that do I? ;)

 

As for being CGed on another site, I'm not sure that it would be possible unless they know that is indeed your Neopets account info. Of course, I've never scripted up a CG. So...whaddya I know?

[antiaircraft]

Wow (again). Did you study computer science?

Nope, I'm just a geek. :glasses02:

 

You know, I actually tried FF again this morning and it was working fine to my surprise. Maybe it was just temporary, idk. (I feel kinda stupid now though, everybody's going waaay overboard with solutions and what I should do... it's really sweet, thanks)

That's good to hear. As somebody who spent a considerable amount of time as a Firefox QAer, I have a vested personal interest in helping people with Fx issues. :P

 

Your reply to TNT sounds pretty good to me. :yes: You should probably add a 'to the best of my knowledge' clause somewhere in there though, just to be politically correct and all.

 

(PS. To their defense; I could've easily been CG'd on a different website, right? Maybe one ABOUT neopets? Or is JUST on Neopets?)

The nature of cookie implementations in modern browsers makes this nearly impossible. To quote myself:

Cookies are bits of information that a website stores on your computer (via your web browser). Whenever you visit that website, the cookies it has stored are sent back to it by your browser automatically.

Browser makers care a lot about security, and cookies have become a very robust and secure system. A browser will only send a website cookies if the website in question stored those same cookies. It will not send cookies to a website that did not store them. There are ways to bypass this security measure, known as XSS (cross-site scripting) attacks, but in modern browsers XSS is almost impossible to implement effectively (and new XSS methods are patched out of existence very quickly).

 

So unfortunately for TNT, CGers stealing Neopets passwords = CGers on neopets.com, although (to their credit) they do try pretty hard to stamp them out.

 

Seriously, TNT needs more security experts. xD

 

Edit: Ninja-ed again. :P

[Guest Merry HBK!]

Just a general insight on the more shady "underground" topics.

 

There are CGers that register login info and then these are compiled into what "shady" traders call hash lists. There are, to put it simple, a huge collection of accounts that have been CGed and which information has been secured (as in: the user still can access the account and such, but they don't know that other people have their info, so they don't change it). These people then generally sell the hash lists on illegit Neopets trading websites which I know the name of, but obviously won't state here. The buyers then have free access to do whatever they like with the accounts.

 

Most of them aren't worth anything, they are generally what traders call "shells" (accounts that are used for illegit purposes on Neo - just as ABing, SSing (scoresending), etc...that are then transferred to a general 'main' account and self-frozen in an attempt to erase tracks), but some hit the jackpot - they are valuable mains. These accounts can then be sold to others for real money (USD), NP, etc...and same for valuable pets, items, whatever. This is obviously all illegal against the Neopets T&C, but still many people do it.

 

So if you think that you've been CGed and no one entered your account, think again. You could be part of a major hash list already (this applies if you visit some pages on Neopets that these scammers lure others into, in order to trick people into buying cheap stuff and so on). ALWAYS change your password, and if needed, your email.

 

---

 

And yes, I read through the topic, and indeed:

 

JavaScript is the best Web solution for client-side scripting, whilst PHP (server-side code you can't see) only returns what the programmer wants you to see when you 'View Source'. ;)

[Nyssa]

I figured as much rotcchick, but thanks anyway ;).

 

Gah sucks that it happened on Neopets =O now I'm really paranoid about buying anything from anyone hahah. But if it happened on Neopets, can't they see who it was? I mean they can track their IP or something, right? (although I must say I don't really care about the person being punished as much as just getting my account back)

 

Okay, soooo final judgement before I send my reply xD is this okay? (sorry I'm so annoying, I just really want to do it right because I'd REALLY like to have my account back):

 

Good day,

 

First, thank you for the quick reply.

 

However, I did not voluntarily (or at all) give my password out to anyone. I have been playing Neopets for years now and I've learned the hard way in the past that you can't trust anybody but yourself with your password. I also know that people who promise NeoPoints/items/anything are usually scammers.

 

And to be honest, I didn't even know cheating programmes existed, so I most definitely didn't do that either. I really did not (try to) cheat.

 

So to the best of my knowledge, I have not violated any of the terms & conditions.

 

I enjoy Neopets a lot and I really hope I can get my account back.

 

Have a nice day,

Nyssa (unstoppablepain)

 

I'm not sure how to 'correctly' end letters/emails in English ;p also I'm not too sure if it's appropriate or something to put 'I really hope I can get my account back' in the email, because maybe that would look like I'm pushing or something?

 

Edit: Oh my god. People actually DO THAT? Sell accounts for real money and such? How pathetic :s. Some people I will never understand..

[Guest Merry HBK!]

Place 'Yours sincerely' since you know the name of the TNT staff member. If not, and it's Dear TNT, then 'Yours faithfully'. But I think this is a 1:1 conversation.

 

Where it says this:

 

So to the best of my knowledge, I have not violated any of the terms & conditions.

 

I enjoy Neopets a lot and I really hope I can get my account back.

Add this:

Thank you and have a nice day.

 

Yours sincerely,

...

 

 

-------

 

 

P.S. Yes, yes they do. It's some people way of earning some money, so it's not really bad for those who like AB and SS on their accounts only and then sell (still it's illegal). It IS bad when they scam others in the process.

 

And no, they can track their IP, but it's obviously a proxy. Traders/scammers that sell on these kind of websites aren't that stupid as to use their real IP.

[antiaircraft]

You should probably also follow these directions from the original message:

 

If you have any other questions, don't forget to include the entire text of this e-mail with your username clearly at the top. This will help me better address your situation.

 

Gah sucks that it happened on Neopets =O now I'm really paranoid about buying anything from anyone hahah. But if it happened on Neopets, can't they see who it was? I mean they can track their IP or something, right? (although I must say I don't really care about the person being punished as much as just getting my account back)

TNT can and does catch offenders. But there are ways to spoof IP addresses and such, so it's a tough job. :(

[Nyssa]

Thanks for the tip :) 'yours sincerely' sounds way better ;p (I always thought that that was only for family and loved once for some reason..)

 

Just to get it straight, am I supposed to do this?:

 

[my username]

[her message]

[my reply]?

 

--

 

although my username is in the title.

 

I hate scammers.

[antiaircraft]

That looks about right. Best to be clear I suppose. :yes:

 

'I hate scammers' is correct as well. :P

[Nyssa]

Sent! I'm so nervous, I hope they unfreeze me. (just pixels, Nyssa, just pixels... ;p)

[Aline]

Is it possible for me to get my old account back? Or will TNT just keep me frozen because I got hacked? (if all my NPs and such were gone, they can see that, right? So that's proof that I got hacked and didn't get myself frozen..)

 

I got hacked (by a "friend") and although I had proof that I was the rightful owner and I even wrote to TNT telling them it was me and what had happened to my account (I sent them cc slips from my payment for Premium along with a copy of my ID) but they never unfroze my first account, that was over 3 years ago.

 

Let's hope you have better luck!

[antiaircraft]

Well yes, it happens, but that's a 'your mileage may vary' thing - AFAIK, TNT does a decent job in responding to the majority of such cases. But it's closer to a 51% majority than a 100% majority.

 

And once again: please take a look at this explanation of what the term 'hacker' really means. Thanks.

[Masaryk]

They may be just pixels, but they're pixels that you've put a lot of time and effort into. I just hope that some of them are still there when you get your account back.

 

When I got CGed, since it was right at the start of the recent CG fiasco, I just accepted responsibility for my account getting stolen. I'm sure that your approach wasn't a bad one, and your reply to TNT's letter was very polite, which probably makes a big difference with staff.

 

I'm sure you will get your account back soon, Nyssa. It took a couple of days for me to get my account back after getting a response from TNT, so don't worry if you don't get it back right away.

[Shane for Wax]

You should probably also follow these directions from the original message:

 

 

 

 

TNT can and does catch offenders. But there are ways to spoof IP addresses and such, so it's a tough job. :(

Yeah but if you're good, you can sometimes figure out the real IP. :P Or so those new-fangled CSI shows would have you believe <_<

 

Good luck though. I gotta change my password when I get home. Time for the monthly change. lol

[antiaircraft]

Yeah but if you're good, you can sometimes figure out the real IP. :P Or so those new-fangled CSI shows would have you believe <_<

And that, my friend, is what many hackers do for a living. ;)

 

Failing that, a legal pursuit of a major offender could involve tracing the IP to a proxy, then getting a subpoena on the party running the proxy for logs that could reveal the real offender's IP. :yes:

[Shane for Wax]

Yepper do's. My policing teacher tried to take a course on cyber crime, but that takes some special insights into computers and the Internet. ;)

 

I also think we've gone terribly off-topic.

[Nyssa]

I do believe TNT has gotten 'nicer' over the past years. Or so I've read .. somewhere. I'm happy enough that they believed it was me, and not just some random person claiming the account (although my account isn't really worth claiming to anyone else I think).

 

Once again thanks everyone for their support and help and everything :) really means a lot to me.

 

(totally not following all the computer-talk ;p)

 

Hopefully soon I can post that I have my account back.

 

(Sorry for the 'double post' but I thought that since this message is a few days later, that it was okay.. if not I apologize)

 

I got a message back! (finally), but still no account:

 

Hi,

 

I apologize for the delay. There was definitely a scammer in your account. The question is, how did they get your account information?

 

If you have any other questions, don't forget to include the entire text of this e-mail with your username clearly at the top. This will help me better address your situation.

 

Now what should I say? Should I mention that it could've been a cookie grabber, or just go 'I don't know...'?

 

This post has been edited by a member of staff (Meowy Christmas) because of a violation of the forum rules.

Please do not double post. Use the edit button instead.

Please check your user inbox to see if you have been contacted regarding this incident, then review our rules.

[Romiress]

Mention that you didn't share your account info with anyone, etc. Generally that's the main thing they're looking for, I believe.

[Masaryk]

I lied and told them that I had accidentally fallen for a fake login page. I got the feeling that they weren't going to accept any responsibility for my account getting CGed, so I just agreed that it was my fault. It worked for me, but I don't know if it's the best plan.

[Nyssa]

I'm a bit annoyed by the tone in her question though. "The question is how did he get your account information?" Yeah that's what I'd like to know...

 

I don't think I'm gonna lie about a fake login page, because I was pleading innocence in my previous e-mail. So I think I'll just stay polite and keep saying I don't know and that I didn't share my info with anyone (which is true. My mom doesn't even know my logininfo)