Posted by
You can go into your own cache to grab your own cookies, but there is no way to do it from a website from others' computers. This is also of questionable legality, since you're basically stealing info from the user and from neopets about that user, which might even lead to a security hole, such as one that would give access to their accounts.
amory_vain
5 years agoWe see the screenshots people share when they win a PDE from the Shore or get a particularly high score on a lame joke intended for King Skarl, but what about those boring days where a Tombola win is the best you can do? We want to hear about all of it.
Some popular dailies linklists:
- JubbyJubJack's Gude to Neopia.
If you click the 'source' link at the bottom of this post, you can simply copy the below quoted form & paste it into your new comment for easier sharing:
Altador Prizes:
Shop of Offers:
Petpet Park:
Apple Bobbing: How to install solid subframe bushings s13 for sale.
Anchor Management:
Mysterious Negg Cave:
Grave Danger:
The Wheels (Mediocrity/Excitement/Misfortune/Knowledge/Monotony/Extravagance):
Tombola:
Wise Old King:
Grumpy Old King:
Deserted Tomb:
Fruit Machine:
Coltzan's Shrine:
TDMBGPOP:
Underwater Fishing:
Neopets Cookie Grabber Error
Qasalan Expellibox:
Lunar Puzzle:
Forgotten Shore:
Battledome:
Buried Treasure:
Test Your Strength:
Faerie Caverns:
Lab Ray:
Petpet Lab Ray:
FQFC/other misc fortune cookie results:
Feel free to add in or leave out any items; the form above is meant for convenience, not restriction!
Bold any exciting results if you want by placing two asterisks on either side of them :3
23 comments
Posted by2 years ago
Archived
Little back story to me. I'm in my mid-20s now, but well over 10 years ago, when I was around the age 10 I ran into my first phishing experience. Essentially, someone just had a form to fill out that would get you 'millions of neopoints.' It was so obviously a scam to me, but the curiosity got the best of me and I wanted to see if people actually fell for these things. So I spent the next few days learning how they worked and how to make one, and put it into play. To my disbelief, people were naive enough to use it. I quickly got hooked, as messed up as it sounded, to me it felt like I was opening up a new booster pack of Pokemon cards whenever I logged into a new account. I never knew what I'd find. The thrill was always there.
This put me into the Neopets 'black market' for the next 5 or 6 years of my life. Granted, this would still be a decade ago, but a lot of what I have learned can still help you today.
1. Brute Force Attacking
I want to quickly clear this one up real quick. Brute force attacking is when a person has an account they want to get into, and attempts to use a ton of common passwords to try and get into it. It also works with a huge list of account usernames and just a couple of the most common passwords for that site.
Brute Forcing has never been a big problem at Neopets. You can only get so many wrong attempts on a single IP address, and the site has never been worthwhile enough for someone to invest in the amount of proxies needed to make this a worthwhile adventure.
2. Phishing websites
This could easily be the most prominent issue Neopets had. I'm not sure how common they are anymore, but you used to see them at least once a week. A phishing website is simply a website that looks just like Neopets.com, and when you login, it will send the person your username and password. Some of these can be super complicated, but none of them will have the domain Neopets.com
Neopets Cookie Grabber Download
How to avoid: The easiest way to avoid this is just to never login to Neopets unless you go to the webpage yourself and fill out the information. As long as you ALWAYS type in Neopets.com and fill out the username/password to login, you'll be fine. Easy enough to avoid these.
3. Cookie Grabbers
These little suckers are as bad as they get. When you log into a website, your browser needs a way to tell the page that you're logged in (or else you'd be nonstop logging in on every page of the site). The solution for this issue is cookies. Cookies don't last forever, but they can last for quite a long time.
A cookie grabber will still your cookies. With the stolen cookies, someone can add them to their browser letting Neopets think they're supposed to be you logged in. Neopets will grant them access to everything on your account. These things are bad, nearly anyone can get cookie grabbed.
*Solution - Use a pin. Do not store the pin on your browser/computer to be safe, just type it in. If someone stole your cookies, they are looking to steal things ASAP, waiting around for you to move big items to your inventory is too risky as the time they have on your account is limited.
If you think someone is on your account, change your password, then change your emails password, and then change your Neopets password again once more. The last step is probably an overkill, but it takes 3 seconds, just be smart about it.*
4. Stolen Hashed Lists from Neopets Fan Sites
These are the last big thing I used to see all the time when I was growing up. Hackers could steal everyones information from a database, and sell these lists to people who wanted to steal their accounts. The passwords would always be hashed. But, the password 'Password123' would always have the same exact hash. So there were HUUUGE lists where you could type in the hash, and get the password. It worked 90%+ of the time.
Typically, at least back in the day, it was easier to get into someones email address and then getting into their account through that.
Solution: Use a different password for your email address than all other sites. This doesn't just apply to Neopets, this should be done because it can happen with any site you register on.
Conclusion:
There are many more scams, but the 3 I listed above me were what got 95%+ of accounts. Here are some extra safety tips I've learned.
The most important thing you can pin is your e-mail.
If you put spaces in front of your password, they will not show up when Neopets emails you a lost password. This could potentially save you as most people aren't aware of this. (Not sure if this still works, but it did years ago.)
Be smart. People stealing accounts are impatient. If you notice anything weird, change your passwords. If things keep happening, you might be keylogged (but it's unlikely for a someone to keylog a person just for a Neopets account).
If you have any questions, feel free to ask. I don't encourage any of the sort and I'm only posting this to help you guys be aware of what people do to try and steal your account. I feel pretty guilty about what I did when I was a kid, but on the bright side I have never once had an account stolen from me or have been scammed. Knowing how attackers/hackers/scammers operate is the best way to prevent it from happening to you.
18 comments