gh0st^ has hacked my guestbook

Hi there. My Advanced Guestbook 2.3.1 was hacked I guess. Actually, it seems as if this gh0st^ character just entered some html code that includes a javascript alert that says "gh0st^ Invades the town! No guests allowed" and you are forced to click "OK" at which point you are taken to their website which I think just has a picture of Angelina Jolie or a look alike anyway.

So, when I try to enter the admin section and delete the post, I am again confronted with the alert and forced to click on the "OK".

I guess what I need help with then is two things. First, how do I delete the post (do I have to go into the database - and if so, where exactly should I look) and second, how do I prevent this from happening again? Could I just put "javascript" on the "bad word" list?

My guestbook is located at http://www.gizkidz.com/guestbook

Any help would be greatly appreciated. I know next to nothing about how to solve this problem.

Thanks,
Noelle

Hi again. Sorry for taking your time. I found the post in my database and removed the javasript and edited gh0st^'s message to fit my needs.

I still would like to know the best way to prevent this from happening again though.

Thanks.
Noelle

NoeyG wrote:

I still would like to know the best way to prevent this from happening again though.

Thanks.
Noelle

That is easy DISABLE HTML. Upgrading to Lazarus Guestbook wouldnt hurt either.