Responses to this blog, part 2

A couple days ago, after sent fan mail to, several thousand new emails were found in the inbox from [some random number] When I looked through the headers of those, over 2100 contained the IP address I know this is Ryan Cleary's residential broadband account because he had used it previously to send emails as Ryan and as Francis Madsen. Many of those in the inbox were also sent using a php script with the page title "SyRiAn Sh3ll ~ V5.6~ [ B3 Cr34T!V3 Or D!3 TRy!nG ]", that is currently (May 20 2011) installed on the compromised web hosts.

The Syrian Shell is described by its original author as

"a PHP Script that coded to help hackers with there hacking trip . with this script  you can so easily hack scripts , inject databases , send spam emails , bypass latest security  Updates  , collecting information , encrypting and decrypting strings , connecting dealings and  more ... in this website . I'll show you the features of this PHP shell , some codes in it and  some wonders that you haven't ever seen like it . :)"

Edit Jul 10 2011: I've removed the listing of 39 websites that hosted the scripts Ryan Cleary used to send thousands of emails to people he admires were installed, because one of the incompetent website owners asked nicely:

I kindly request you to remove from your blog any references to my web site or myself as soon as possible. Should those references do not disappear from your website, I will be obliged to take further action and contact your hosting provider (

Hoping we can solve this issue in a prompt manner,

Kind regards,