I have a few questions about this whole cgéd thing. I know what cookie grabbers are, but have been searching the net to find the best options to protect myself. I am currently using FF and have the add on NOScript but had recently been cgéd anyways or so says Neopets and the reason for icing my account. I did get it back but how do I prevent it from happening? I dont want to create any issues but exactly how safe is this site when it comes to getting your info. Who has access to your pw when you use programs like the kad feeder. Im just trying to cover all my basis here. I seem to have more issues since joining the site then I did before and afraid to use the kad program to finish getting the avie lol. I guess they get the password from your information when cgéd but do they also get the pin?
Get the firefox addon called RequestPolicy. Also, if you suspect you've been CGed, quickly logout of your neopet account, clear your cookies, and log back in. As for the programs here, they are not stored anywhere, they are used to logon to neopets through the program.
I fell for a cg too! Somebody had edited their lookup to say they were a staff (the little coding section at the bottom of the lookup). and I went to their shop and it had a cg into it. I logged out right away, but my account still got iced 15 minutes later...still have no idea if my 60+ Ubs in trades vanished.... To prevent it from happening: avoid shops, any shop links posted on the boards in particular! DONT go for cheap codestones, look for somebody that has 30+ If you suspect you have been cged, logout right away. then log back in and you'll be fine provided you don't fall for the cg again. As far as the password and pin, they cannot get those unless the cookies they steal from you will allow them to have access to your email. (you basically have to be logged into your email within the last 30 minutes or so, or have the email service keep you logged in). I would suggest you manually log in to your emails every time and unclick the option to remember your username and password and to keep you logged in. Also, when your done using your email logout. If you were logged into your email during the time you were cged, I suggest you logout of the email, then log back in, and then change your neopets password and pin. Edit: and as far as clearing cookies, its a waste of time unless you want to prevent from getting cged again. :lol: They already have the cookies, so it won't do anything to help. The site programs are safe, but I cannot go in-depth providing you with why, I can just tell you that this site is against scamming. We DO cheat, but we don't scam. So unless the cgers hacked into the site (very un-likely) the programs are very safe to use! Hope this cleared everything up.
Ok thanks very much for clearing that up, appreciate it. Umm one question about the emails then. They can access your email if your logged in, but that would be for say hotmail or yahoo or something, they cant access email that is through bell or rogers right?
Damn this thread. It's gotten me all paranoid. I'm too lazy to add any protection and it's very impractical for me to ban shops completely. That's a major portion of the game! I tried NOScript but it was such a pain on EVERY single page.
As long as you are still logged in, they can get into ANY website you have visited that uses usernames and passwords. Exactly why cging is a federal offense. It's steal peoples personal information. But TNT doesn't want to admit their site is not safe. So they won't press charges on the people doing it.
CGers can not get your pin, as pins are not stored in cookies (Would make it pointless). CGers do not get your password. All progams here are scanned, and should be safe. If its my kad feeder you are talking about, its safe. I hate it when people spread rumors about stuff they dont understand. A CGer can only get the cookie of the site it was designed for. CGing is not a federal offense, as it is not really hacking. I want to see you make a filter stronger then theirs that still allows HTML. CGers are very hard to make for neo, and it takes a lot of time to find an exploit. CGers do not get your password. They cant press charges because its close to impossible to track the person.
Well the cgers have an exploit that redirects the buyer to another website with the cger on it. Why would it only take cookies from only one website? I believe if people are willing enough to cg for one, they will do it for all. I'm not trying to spread rumors, but it is true, if someone steals your personal information it is a federal offense--I'm just repeating what I've heard.. If you have premium they will have access to your address, phone number, credit card auth number, billing info, etc.
So you are saying every site in the world can access all your information? Cookies can only be read by the site that has set them. There are 2 types of CGers. Most neo cgers are what people call "offsite" cgers, since they use a XSS exploit on neo. A XSS exploit allows you to add HTML to a page basically. People then use an iframe to load that page when you visit the CGer site. There is no way to get access to every cookie someone has on their computer, unless you have access to that computer. Ive had 3-4 years of experience with CGing on neo. I know what Im talking about. TNT and neo users are just trying to make people paranoid. People with no experience are making stuff up.
CGers do not get your password. Im soo confused, so if they dont get your password or pin, how the heck do they get into your account and steal all your crap? So basically (cg for dummies) anywhere on the site where a user can enter an html code there could be a cg code?
What a cookie does is make it so you dont have to enter your password every time you view a page. It does not actually contain your password. All someone does is edits their cookies to match yours. That makes them automatically logged into your account. They can only steel stuff that is not pinned unless they find out your pin (By guessing). Pretty much. But I've never been able to get a CGer on neoboards, or neomail. I believe those are impossible. Trades used to be possible, but isn't anymore.
I was planning to make a new thread but since this one's still fresh, why won't TNT just fix their f-ing code? If they don't have the manpower to do it, I'm sure they could hire a one-time team to clean/update their code to prevent CGers. I'm guessing that would cost them $1000 maximum. Then again, why bother when they know full well that we'll keep coming back anyway even if we get CGed.
The only way to stop CGers is to not alllow ANY html. And even then there would be offsite CGers, which are hard to patch when your site is hundreds of pages, and thousands of lines of code for every page.