« Chase Burntwood Wakes Festival | Main | "Let's get ready to Ramble!" »

Tuesday 21 June 2005

Netscape Cookie Monster Attack

For some reason, every time I try to access the March 2005 entry "More comments about Barry Diston's Performance", Norton Internet Security warns of a "HTTP Netscape Cookie Monster" attack. It then automatically blocks the IP of my website.

I really can't understand it. I've checked and rechecked the MT entry and the source HTML for that page but can't see anything different from any other page on this site. I edited the HTML to remove anything that could possible be mis-interpreted but still the warning is tripped.

Does anyone else run Norton Internet Security Professional? Do you get the same warning? (Note - If you do, you'll have to manually unblock the site IP address in "Intrusion Detection".)

Update: The problem appears to lie in the following HTML, specifically in the section of the URL after the question mark:

<a title="HarderFaster.net / Forums - CyberKitten & Fidget Records @ BBtB 05/03/05 - What a Night!!!" href="http://www.harderfaster.net/?section=forums&action=showthread&forumid =3&threadid=96072" target="_blank">

If you remove the part of the URl after the question mark (as I have done now) then the problem disappears.

Update2: It appears of you have a URL with the &action=showthread within your webpage it will trigger a false positive response from Norton Internet Security. If you're having this problem and you're not using a browser that's at risk from the Netscape Cookie Monster Attack then you should turn off the detection rule within Norton Internet Security.

Open up Norton Internet Security. Select "Status & Settings" on the left hand side. Click on "Intrusion Detection" then "Configure" on the right hand side. Under "Intrusion In the list of "Signatures" find "HTTP Netscape Cookie Monster" and click on "Exclude".

June 21, 2005 5:40 PM | Site


Firstly Norton is waay overparanoid, I tried to setup a BitTorrent client recently with and it just couldnt handle it.

It also sounds like your still using Internet Explorer? Firefox and Opera will make you soo much happier.

Anyway, try clearing out your cache since is the "attack" cookie based.

oh and the ads the right look much better.

On my home PC I use a combination of IE and Firefox (don't ask why, I couldn't explain). It was actually Firefox that triggered this first and IE repreated it when I tried.

The worrying part is if this page is doing it then other pages might be doing it too. If I can't work out why this is happening then I don't know how to avoid it happening.

Start encoding Ampersands!

Scott said on June 24, 2005 1:13 PM:

I had the same problem yesterday on a UK web site. i have contacted the web site which is an online store, but they haven't found anything yet. Afterwards i noticed that all the cookies that are used for storing user names and passwords no longer work when i try to log into the web sites that they are for!. that was with IE v.6, and Norton firewall 2003.

Jonas said on June 24, 2005 4:48 PM:

I changed a querystring in one place (removing the action= part of it, which seem be the common part with your querystring), and Norton now likes me. But, now after the update it seems that other firewalls are silently blocking me. God I hate this.

Thank you. I tried the same myself but the link broke. I've had to just include the URL as text and tell people to cut and paste it into their browser bar.

Dolores said on June 25, 2005 7:05 PM:

I have Norton and can not get into MSN groups because of Norton stopping it because of Netscape cookie monster, how did I get this and how do I get ride of it.

James said on June 25, 2005 11:09 PM:

I'm having a similar problem as Dolores. I can enter MSN 'People & Groups' and then open each of the groups in 'My Groups'. I can navigate around all of the menu without a problem but as soon as I click on a posted picture I get the Norton 'Cookie Monster' warning. It then takes maybe 30 seconds after clicking on 'Back' (or whatever) before the page changes.

James - The reason it takes 30 seconds to load the page is that Norton blocks all activity from the PC it thinks has tried to attack your PC for 30 seconds.

Dolores - You can stop Norton checking for this particular attack. Open up Norton Internet Security. Select "Status & Settings" on the left hand side. Click on "Intrusion Detection" then "Configure" on the right hand side. Under "Intrusion In the list of "Signatures" find "HTTP Netscape Cookie Monster" and click on "Exclude". You shouldn't get the problem again, however if you do actually use an old copy of netscape you will be vunerable to this attack.

jim said on June 26, 2005 1:21 AM:

1) is it wise to exlcude HTTP Netscape Cookie Monster? even if ur using IE6 and not netscape?
2) why is it comming from msn groups when ive never had it before till now?

jim said on June 26, 2005 1:24 AM:

Found this..

Unaffected applications:

Internet Explorer 5.0 (Win32)
HotJava 1.4.4
Lynx: (Linux, Irix, VAX/VMS, Win95):
versions 2.7.x - 2.8, will either reject the invalid cookie, or ask the user whether to accept it.
OmniWeb (NeXTstep/Rhapsody):
Andrew Abernathy from OmniGroup reports that this browser is unaffected.
AWeb2 3.2 (Amiga)
Opera 3.60b3, Build (Win32)
iCab 1.8 PPC (MacOS)
(and, presumably, all versions newer than those above)

I have been experiencing this same problem for several days in trying to access any of MSN photo storage sites ... some of which I pay for, and some that are free. I am unable to access anyone's photo albums, including my own. However, others are able to access all the albums. So it must be something that has happened to my computer .... but I am very hesitant to exclude the MSN sites from my Norton Intrustion Detection. A few weeks ago, I got the same warning from Norton every time I tried to access the albums ... and in addition MSN warned me that I was locked out because someone was attempting to access my albums and learn my password. MSN informed me at the time that they were aware of the Cookie Monster problem, and I thought they had worked it out. But the past few days proves that they haven't corrected their problem. I've cleared cache; temp files of all sorts, cookies ... you name it, it's been cleared. Still no access.

jim said on June 27, 2005 5:55 PM:

The fault is MSN not anyones computer...we have to wait for them to sort it out

I have been having the same problem with the Netscape Cookie Monster attacks...and it is on the MSN Groups. I can sign in but just as I click on any picture or go to sign out....up comes Norton and saying I have been attacked.
:(:( This is getting so out of hand, and I am so sick of it. I also have deleted and got rid of everything I could. But it just keeps doing it.
If it is an MSN PROBLEM? Are they going to fix it and do they know we are having a problem with it.
How do you contact them to tell them your problem? If we all do it maybe they will realize just how bad it has become.
I have been told to Add MSN Groups as a rule to admit on Norton, but I am scared to do it right now.
What do you think about doing that anyone?

BG said on June 28, 2005 1:37 AM:

I am having the same problem when I try to click on a picture in my album on kodakgallery.com. My Firewall locks it out for 30 min. I don't know what to do...Any suggestions? I don't think I'm as computer savvy as you guys are.

Hey NIS is a CRAPPY ASS PROGRAM its blocking users from my website and im trying to find out what part of the code is generating this error.

I cant believe you people actually paid for this lump of crap. I just installed a cracked version and it has made my internet at least 40% slower. it also made my computer alot slower.

antyways does anyone have any idea what part of the code is causing this? we dont have any action=showthread on our site so its got to be something else.

to those people who paid money for this and are like whaa now i cant view my sites , TURN IT OFF. uninstall it. and throw it away. go get a hardware firewall or router and you will be 1000x more secure then some stupid software firewall. go buy a linksys or something. also download an anti virus scanner.

Latest updates from Norton have frozen my access to MSN Groups, saying there is Netscape Cookie Monster. I deleted it from my Intrusion Detection list and since have had no probs. My concern is who is at fault, Norton or MSN? Norton also has slowed my computer down a lot since it has been installed. If they are at fault, Whats the alternative?

I have Windows Firewall and Norton as well. Is there any reason why i cant swithch off the Norton Firewall?

Rhys said on June 29, 2005 11:57 PM:

You should be only running one firewall at a time, turn off one of them

jamie said on June 30, 2005 6:52 PM:

can someone please find out what is going on...is it msn or NIS....thanks

jamie said on June 30, 2005 9:43 PM:

i did wat paul did...its ok now cos im not using NETSCAPE. if i was i wouldnt exclude the cookie monster..now...who is the blame on...MSN or NIS?

I left a message on my MSN website, for Norton Users to contact me for if they were having problems with viewing my site. That way they can see where the problem lies. Saves some confusion.

malthara said on July 4, 2005 3:12 AM:

Ya, I get that same problem when trying to get to msn groups. I had to reset my passport info once and that's when i noticed it... the sites stop loading half-way pictures dont open up etc, I may just use my older box since i dont care if i open it to attacks but i dont want to open a hole in my firewall.. I have to do that for azureus already.

crystal said on July 4, 2005 5:14 PM:

Has MSN of NIS addressed this issue on any of their websites??

philip said on July 8, 2005 3:59 PM:

I still have the problem with accessing MSN picture groups as of 8th July. I have all the latest updates to Norton Internet Security, so they do not seem to be fixing it.

In fact nobody seems to be fixing it. I am on IE 6 so just even getting a problem talking about Netscape seems very strange. Ah well !!!

Peter said on July 8, 2005 7:40 PM:

I just had the same problem.
I can find other ways of posting my pictures i e through others on the net but this is rediculous!!!

Has anyone emailed msn directly asking for their help?

The best thing to do at this stage is to remove "netscape cookie monster" from your intrusion detection list. Go to internet Explorer, open Norton then select Intrusion list. (See Ardvark june 26 instructions above )No problems! (Balder but wiser)

Philip said on July 10, 2005 8:13 AM:

It is not the end of the world not being able to look at MSN Group pictures, so I can wait until MSN or Norton fix the problem (if ever ??)

I am ratherr surprised that there is not more info or complaints on the Net about this as I would have thought it was widespread.

I still have no idea why a message talking about Netscape is being generated, when I don't even have Netscape installed.

Computers !!!!!!!!

Leave a comment

« Chase Burntwood Wakes Festival | Main | "Let's get ready to Ramble!" »

Sponsored Links

theaardvark's 2DBarcode


domesticated bloggage


Evil Inc
Ctrl Alt Del
Real Life
Wapsi Square
Least I Could Do
Dueling Analogs