Assitance in detecting a hack


Hi folks

Its come to my attention that a site of mine may have been hacked into.
I know it can be done by various methods (password via brute force, sql injection etc).

I have access to the logs, I am wondering what to look for to look for anything suspicious.
I have looked for various SQL command keywords (EXEC, table, convert, char, the single quote character, the comment quoe etc) -but nothing seems to be coming up.

Are there patterns to search for? anything else that might come up in the logs?

I know from past on yours, due to nature of the sites they are huge targets, unfortunately. I've found many of them have long ago dropped back doors and they simply activate them and in, it can be as little as a single like of code that looks very innocent.