Jump to content

Got CGed for 3rd time.... *facepalm*

vampire_girl

By vampire_girl
in Neopets General Chat

 Share

Recommended Posts

vampire_girl Newbie

vampire_girl

Posted
Posted

As title says I got CGed for 3rd time.... BUT HOW??? I log out every time I go on other pages and I haven't visited too much other lookups.

 

I was "lucky" I noticed that on time. I went to log in on my mobile phone and I wrote my username. And after I clicked log in, it said that password is going to be delivered in 15 minutes. I was like crazy and I went quicker to log in from computer. "Hacker" even hacked my Mail and requested the password from there! I loged in with old password and I could see my items disappearing from Inventory. The "hacker" wasn't using trade, he was using "Give to NeoFriend" sending. Luckily, he didn't made to take NPs (there wasn't anyway "too much" NPs in bank) Although "hacker" took my Rainbow Cybunny Morphing Potion I was saving. I was so happy I made to buy it from Kauvara (that was actually first time I made to buy something from her). And now, I have to start it over again. :grrr:

 

Please, tell me how to prevent this! :sad02:

Link to comment
Share on other sites
Noog Newbie

Noog

Posted
Posted

The most common place for CGs is a user's shop.

 

I'm sorry to hear this :( My friend got CG'd and he lost tens of millions of neopoints and a neopet with stats beyond the 200's.

Link to comment
Share on other sites
vampire_girl Newbie

vampire_girl

Posted
  • Author
Posted

The most common place for CGs is a user's shop.

 

I'm sorry to hear this :( My friend got CG'd and he lost tens of millions of neopoints and a neopet with stats beyond the 200's.

Awww,I'm sorry to hear this same thing for your friend. He lost 10x more than me. I can imagine his shock after seeing that. :ohno:

Link to comment
Share on other sites
Viridian Newbie

Viridian

Posted
Posted

3rd time and still no action taken? Store items in your SDB, cover everything with PINS. Have a hard-to-guess password on both your email and neopets account, and make sure they are different.

 

If you mainly play Neopets on your computer, get a program like NoScript. It will block any script it sees, but you can allow them to take action if you want to (for example on Youtube videos). CGs are a script, so they won't continue if you have NoScript installed. That's the best way to prevent them as far as I know.

 

However, also take in mind the security measures I mentioned first.

Link to comment
Share on other sites
vampire_girl Newbie

vampire_girl

Posted
  • Author
Posted

3rd time and still no action taken? Store items in your SDB, cover everything with PINS. Have a hard-to-guess password on both your email and neopets account, and make sure they are different.

 

If you mainly play Neopets on your computer, get a program like NoScript. It will block any script it sees, but you can allow them to take action if you want to (for example on Youtube videos). CGs are a script, so they won't continue if you have NoScript installed. That's the best way to prevent them as far as I know.

 

However, also take in mind the security measures I mentioned first.

That's the problem. I have covered with PINs everywhere I could. But I kept those items in Inventory because I was trying to trade them. I didn't have time to put them in SDB that night, so that person was really lucky... I do have hard-to-guess passwords, they are pretty LONG. On every account I have different password, but still...

Anyway, thank you for the NoScript.

Link to comment
Share on other sites
Viridian Newbie

Viridian

Posted
Posted

Okay. Well at least the PINs cover all those items and neopoints that you could possibly lose. A simple way to get a CGer out of your account is by logging out. We've tested this, and it turns out that they can no longer log into your accounts when you've logged out and back in again. The cookie gets renewed, and the CGer is no longer able to use the grabbed cookie. (The password is not visible in the grabbed cookie)

Link to comment
Share on other sites
vampire_girl Newbie

vampire_girl

Posted
  • Author
Posted

Okay. Well at least the PINs cover all those items and neopoints that you could possibly lose. A simple way to get a CGer out of your account is by logging out. We've tested this, and it turns out that they can no longer log into your accounts when you've logged out and back in again. The cookie gets renewed, and the CGer is no longer able to use the grabbed cookie. (The password is not visible in the grabbed cookie)

So it is effective to log out when CGer is in my account? Oh, that's good. I thought that doesn't work. Thank you for the informations! :)

Link to comment
Share on other sites
Xepha Newbie

Xepha

Posted
Posted

As title says I got CGed for 3rd time.... BUT HOW??? I log out every time I go on other pages and I haven't visited too much other lookups.

 

I was "lucky" I noticed that on time. I went to log in on my mobile phone and I wrote my username. And after I clicked log in, it said that password is going to be delivered in 15 minutes. I was like crazy and I went quicker to log in from computer. "Hacker" even hacked my Mail and requested the password from there! I loged in with old password and I could see my items disappearing from Inventory. The "hacker" wasn't using trade, he was using "Give to NeoFriend" sending. Luckily, he didn't made to take NPs (there wasn't anyway "too much" NPs in bank) Although "hacker" took my Rainbow Cybunny Morphing Potion I was saving. I was so happy I made to buy it from Kauvara (that was actually first time I made to buy something from her). And now, I have to start it over again. :grrr:

 

Please, tell me how to prevent this! :sad02:

 

 

The situation that you describe sounds more like a fake login page than a cookie grabber...

So in order to prevent that situation, always double check that the URL of the page is correctly spelled.

Also, you might what to read what are hackers and why they deserve respect.

Link to comment
Share on other sites
vampire_girl Newbie

vampire_girl

Posted
  • Author
Posted

The situation that you describe sounds more like a fake login page than a cookie grabber...

So in order to prevent that situation, always double check that the URL of the page is correctly spelled.

Also, you might what to read what are hackers and why they deserve respect.

No, I'm pretty sure I never went on a fake page because I have got the link in the Tabs.

Oh, thank you for that post. I really didn't know that. I apologise for the mistake.

Link to comment
Share on other sites
Angeló Veteran

Angeló

Posted
Posted

I'm sorry about that !!! It's horrible .. I'm always afraid of being CG'ed ... that's why I have pins on everything ... but my question is : how do I know if there's a CG in someone's shop or lookup ????

Link to comment
Share on other sites
antiaircraft Newbie

antiaircraft

Posted
Posted

Man, this sucks. :( Sorry to hear that you're having such a rough time.

 

Normally, having your account broken into this many times in a row means that the thief has some sort of consistent avenue of attack which you haven't managed to close off yet. You may want to double check your bookmarks/open tabs/etc. on your mobile phone and computer, to make sure that you have the right links for Neopets. Additionally, make sure that the email address for your Neopets account is set correctly, and that the secret question used to recover your email account's password has a secure answer (it needs to be a few words long at least). You might also want to run a scan for malware on your computer, just in case something nasty managed to get onto your system.

 

I'm sorry about that !!! It's horrible .. I'm always afraid of being CG'ed ... that's why I have pins on everything ... but my question is : how do I know if there's a CG in someone's shop or lookup ????

Unfortunately you don't, unless you happen to know enough JavaScript and HTML to go through the source code yourself. :( Even then, checking the code on every single user-editable page is rather a pain. However, the simplest way to deal with cookie grabbers doesn't necessarily involve trying to avoid them completely - thieves can't act on the information they get from cookie grabbers instantly. Usually they'll collect a batch of cookies from different users and go through them a while later, hoping to hit on one that they can still use. If you log out frequently (when you finish a shopping spree, get off Neopets for the day, or just every few hours when you feel like it), then even on the off chance you actually run into a working cookie grabber, any information it can get from you will be useless by the time the bad guys get around to trying it.

Link to comment
Share on other sites
Angeló Veteran

Angeló

Posted
Posted
Unfortunately you don't, unless you happen to know enough JavaScript and HTML to go through the source code yourself. :( Even then, checking the code on every single user-editable page is rather a pain. However, the simplest way to deal with cookie grabbers doesn't necessarily involve trying to avoid them completely - thieves can't act on the information they get from cookie grabbers instantly. Usually they'll collect a batch of cookies from different users and go through them a while later, hoping to hit on one that they can still use. If you log out frequently (when you finish a shopping spree, get off Neopets for the day, or just every few hours when you feel like it), then even on the off chance you actually run into a working cookie grabber, any information it can get from you will be useless by the time the bad guys get around to trying it.

 

thank you for that answer .. actually I do log out every now and then, I also change my password periodically :rolleyes_anim:

Link to comment
Share on other sites
Sakurabelle Newbie

Sakurabelle

Posted
Posted

Unfortunately you don't, unless you happen to know enough JavaScript and HTML to go through the source code yourself. :( Even then, checking the code on every single user-editable page is rather a pain. However, the simplest way to deal with cookie grabbers doesn't necessarily involve trying to avoid them completely - thieves can't act on the information they get from cookie grabbers instantly. Usually they'll collect a batch of cookies from different users and go through them a while later, hoping to hit on one that they can still use. If you log out frequently (when you finish a shopping spree, get off Neopets for the day, or just every few hours when you feel like it), then even on the off chance you actually run into a working cookie grabber, any information it can get from you will be useless by the time the bad guys get around to trying it.

 

Hey thanks for that information. I don't really know how cookie grabbers work. I had thought you had to click on something other than the item you are buying while in a user's shop. Now I will plan on logging out and back in whenever I am done with my shopping sprees. :)

Link to comment
Share on other sites
Rachany Newbie

Rachany

Posted
Posted

Oh that's just horrible! I feel so bad for you! If I were you, I would make a long and complex password, with numbers and uppercase/lowercase or something. And um, I understand a hacker hacked your account, but.......what's CG? Sorry, I'm horrible with abbreviations XD

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...