Author |
Message |
31/05/2005 15:22:11
|
Anonymous
|
Hi,
After some stupid elements repeatedly putting code in my Guestbook which defaced it & made it inaccessible, I was made to know installing the newest version of the AGB would solve the problem as it's more secure.
The original visitor entries, to which the malicious code is entered as a comment, have somehow disappeared in the 3 attacks, as they are simply not there in the database, even if I have sought them carefully before deleting the code. I wonder how that happens. Do the attackers have a way of deleting some entries?
In the 3 cases, after "cleansing" the database of the defacing code, the space where the original visitors is then empty, giving the false impression they have been edited out.
Anyway, after disabling html & AGCodes, will such/similar attacks really stop, or there are additional measures one could take?
Thanks.
|
|
31/05/2005 15:26:49
|
Anonymous
|
Let me add that after some time, the images in IE are now also showing on the uploaded website. They started after I had started posting above, but I forgot to edit the subject before posting.
|
|
31/05/2005 15:29:43
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
In all three attacks the attacker has accessed the admin section and edited an existing entry and so the existing entry has been lost to you. The problem of images not showing has been discussed before and is down to the base_url variable in admin/config.inc.php which needs setting correctly.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
31/05/2005 15:35:49
|
Anonymous
|
ok, thanks, but .... does the new version of AGB I downloaded 2 weeks ago & installed have its administrative area accessed by unknown & unauthorized people in the same way or is it now secure?
No other person has the username & password!
|
|
31/05/2005 15:37:18
|
Carbonize
|
What was your previous version? 2.2? 2.2 had a very well documented exploit that allowed anybody to login to the admin section.
|
|
31/05/2005 15:41:28
|
Anonymous
|
Oh, I don't know which version it was. I know it was part of the available software on the cpanel at the end of 2003.
Can I assume, the admin. area is now safe?
|
|
31/05/2005 15:43:09
|
Carbonize
|
If you are running version 2.3.2 yes. If you installed via cPanel then odds are you are using version 2.3.1 as cPanel are damn slow to update and I personally blame them for a lot of sites getting defaced.
|
|
31/05/2005 15:50:24
|
Anonymous
|
I downloaded it myself from this site & configured & uploaded the files myself. I dropped the old database files & replaced it manually with the newer version with the data added.
I did that after failing to use the "install.php" method, probably after getting something I failed to figure out right.
It kept referring to the mysql.class.php.
Anyway, thanks for the rapid responses.
|
|
|