I meant write code that looks for

count(lookup value) = count(*)

for a table. Also, look for items in your text fields like "<script language=js>"

We've seen both of these hacks here on the site over the years. There are some other patterns you can search for that can let you know you've had an attack.