Matt's Script Archive: The Scripts That Reshaped the Web

▲ Matt's Script Archive: The Scripts That Reshaped the Web(tedium.co)

45 points by 1317 2 days ago | 12 comments

▲ madrox 6 hours ago | parent | next [-]

This takes me back. In the 90s there wasn't exactly a lot of web app programming going on, and it was hard to find a web host willing to let you run scripts through CGI. This was my first introduction to perl and the idea of dynamically building web pages. I adapted WWWBoard into a web chat that was "real time" using html refresh tags. Really inspired the rest of my career. Was for lots of people.

Not sure how I feel about the author trying to use Matt's Script Archive's bugginess and popularity to make a point about vulnerabilities and vibe coding. The web was simply just a very different place back then. Even viruses were more about hackers showing off their skills than the industral malware complex we have today. Bots weren't scanning the whole web for wp-admin.php. No one was really entering credit cards on web pages. If your site got hacked, it got graffiti'd and it was embarrassing, but no one used it to hawk bitcoin.

Likening vibe apps to WWWBoard is simply ignoring the climate and times each are a part of.

	▲	ed_elliott_asc 23 minutes ago \| parent [-]
		>> No one was really entering credit cards on web pages. Any webpage that needed a credit card number we would use a generator which worked about 50% of the time

▲ Twirrim 7 hours ago | parent | prev | next [-]

Working for an ISP in the mid 00s, the lack of security of those scripts was an absolute nightmare. It was a routine task to have to go clean up the mess they made, everything from simple "Being used to relay spam" on up.

▲ kstrauser 6 hours ago | parent [-]

About once a week: "Why is our outbound bandwidth saturated? Oh, look! A new FormMail exploit!"

I think my all-time favorite was an SMTP injection. I don't remember the exact details, but it was pretty close to this:

* The script accepted a form POST and decoded it.

* It opened a pipe to sendmail.

* It wrote the expected SMTP headers to sendmail's stdin.

* Then it wrote the decoded POST body as-is into sendmail's stdin.

Thing is, that method used in-band signaling. This is the part I forget exactly, but you could send in the POST body:

  Blah blah
  
  .
  
  
  To: [1,000 email addresses]
  From: root@localhost
  Subject: LOL spam
  
  Haha suckers

That period on a line of its own, followed by two newlines, told sendmail "this message is done. Now listen for the next command." Then it sent the new SMTP headers with whatever damage the attacker wanted to do, and sendmail would obediently process it as though that were the original message.

We learned that one the fun way.

	▲	qingcharles 4 hours ago \| parent [-]
		Haha, that was the ultimate test. Is my terminal suddenly laggy? OK, we got hacked again.

▲ arscan 6 hours ago | parent | prev | next [-]

I remember Matt’s Scripts Archive as an absolute gold mine for learning how to make web applications through example in the pre-PHP days, which was pretty challenging when all you had to work with is CGI and maybe SSI if your hosting provider was particularly advanced. It’s what got me started as a web application developer 30+ years ago. I guess I probably learned about security the hard way by following his examples. But it got me headed broadly in the right direction I think.

I remember being very proud of how I extended his forum software to support threaded messaging and pagination.

▲ tgorgolione 5 hours ago | parent | prev | next [-]

There should be a historic websites society, like the historic places societies we have that preserve and mark certain areas with information about them.

▲ knadh 5 hours ago | parent | prev | next [-]

Deploying and tinkering with Matt's scripts was a very formative exercise in my early teenage years. I rememher offering public FormMail and guestbook hosting services (on underlying10MB shared hosting plans!)

▲ Dwedit 3 hours ago | parent | prev | next [-]

My favorite prank to do on wwwboard was to put in a space for subject, then your post was unclickable.

▲ kristopolous 7 hours ago | parent | prev | next [-]

I totally remember this site...there were a bunch of themed collection sites of various scripts back then. I'd definitely say this is on the same timeline as dockerhub, npm.org and pypi or at that time, cpan (which still exists of course).

▲ tonyoconnell 6 hours ago | parent | prev [-]

A blast from the past. I used his scripts for sending email from forms. The internet was a very nice place back then.

	▲	wingerlang an hour ago \| parent [-]
		Reminds me of my first websites. I had a book with HTML tags and I tried to add a form with a submit button. It didn’t work, I had no backend, I don’t think I had a concept of what a backend was at that point. I’m not even sure what I expected to happen with that form.