How do I avoid unwanted GB entries.

Hi,

My site has been victimized by some bastards who insert scripts like the one below, which practially render the GB unusable as the GB page only shows what their script is forcing it to show.
In the past when I got a similar attack, I got rid of the script by going to the book_data table & deleting it.
I was told to disable HTML codes, which I did & I also disabled AGB Codes.
This did not prevent the insertion of the script below or it showing.
What on earth does, in the General or other settings?
I also noted that the legitimate entries, which were affected by the script being entered as a Comment to them, somehow disappeared.
I tried to look in the script source code I retrieved rom the database of affected entries and dont find the original legitimate entries, with no trace of what could be the the original entry.
That leaves gaping spaces with oly the particulars of the legitmate Guest, but with none of their original entries.
I'm just wondering how this could happen!

Please advise on how to prevent this recurring scourge.

Below is what those bastards insérted as a "comment".

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
 <title>Annoncer</title>
 <meta http-equiv="Content-Type"
 content="text/html; charset=iso-8859-1">
 <meta name="keywords"
 content="guestbook, php, script, mySQL, free, advance">
 <style type="text/css">

 </style>
 <script language="JavaScript">

 </script>
</head>
<body
 style="background-color: rgb(153, 204, 0);" link="#006699"
 vlink="#006699">
<form method="post" action="index.php">
 <table align="center" border="0"
 cellpadding="2" cellspacing="0" width="95%">
 <tbody>
 <tr>
 <td height="45" width="55%">Annoncer</td>
 <td height="45" width="45%">&nbsp;</td>
 </tr>
 <tr>
 <td font="" size="4"
 height="45" width="55%">
 <img src="/gastebog/img/sign.gif"
 height="25" width="18"> <a
 href="addentry.php">Skriv
en ny annonce </a> 
 </td>
 </tr>


 </tbody>
 </table>

 <table align="center" border="0"
 cellpadding="2" cellspacing="0" width="95%">
 <tbody>
 <tr valign="bottom">
 <td class="font2"><img
 src="/gastebog/img/point3.gif" height="9" width="9">Antal
annoncer:
 2&nbsp;&nbsp;&nbsp;annoncer
vist pr.side: 10</td>
 <td class="font2"
 align="right">&nbsp;
 </td>
 </tr>
 </tbody>
 </table>

 <table align="center"
 bgcolor="#000000" border="0" cellpadding="5"
 cellspacing="1" width="95%">
 <tbody>
 <tr bgcolor="#7878be">
 <td width="32%">Navn</td>
 <td width="68%">Annoncetekst</td>
 </tr>

 <tr bgcolor="#e8e8e8">
 <td valign="top" width="32%">
 <table border="0"
 cellpadding="2" cellspacing="0">
 <tbody>
 <tr>
 <td class="font2"
 valign="top" width="8%">2)</td>
 <td width="92%">
 <img src="/gastebog/img/ip.gif"
 alt="IP logged" height="14" width="14">&nbsp;&nbsp;<img
 src="/gastebog/img/browser.gif"
 alt="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
 height="16" width="16">&nbsp;
 </td>
 </tr>
 <tr>
 <td colspan="2"
 class="font1">sdsd&nbsp;</td>
 </tr>
 <tr>
 <td colspan="2"
 class="font1"></td>
 </tr>
 <tr>
 <td colspan="2"
 class="font2">Sted: 
-</td>
 </tr>
 </tbody>
 </table>
 </td>
 <td class="font1" valign="top"
 width="68%">
 <div class="font3"
 align="left"><img
 src="/gastebog/img/post.gif" height="9" width="9">Tirsdag,
12. April 2005 15:18&nbsp;
 <a href="comment.php?gb_id=9"><img
 src="/gastebog/img/edit.gif" alt="Skriv en kommentar"
 border="0" height="13" width="18"></a></div>
 <hr size="1">
 <div align="left">
 <div id="post"
 style="position: absolute; top: 0pt; left: 0pt; width: 1024px; height: 768px; z-index: 1; overflow: auto;">
 <table valign="top"
 bgcolor="#000000" border="0" cellpadding="5"
 cellspacing="5" height="100%" width="100%">
 <tbody>
 <tr>
 <td valign="top"
 width="100%">
 Hacked by: 
 NobodyCoder
 
 
 (UnKnoWn_3Rr0R@BSDmail.org/com)
 
 A HACKER FROM IRAN 
 
 
 We are: Th3_Analyz3r
- Unknown_3rr0r - Su_r00t 
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 
 
 &nbsp;
 </td>
 </tr>
 </tbody>
 </table>
 </div>
 </div>
 </td>
 </tr>
 </tbody>
 </table>
</form>
</body>
</html>

I'll guess you are running version 2.2 in which case a quick search of this forum would show that 2.2 has a major security exploit that is easily patched. Read the sticky thread.