How can I found out if our website got hacked with the silent sql injection attack?

Try this:
https://addons.mozilla.org/en-US/firefox/addon/3899

But probably the best way is to use good practice when you code your site. For example, if you always query your db through your own method/function, then you can just place all the injection prevention in that one place.

hmmm... interesting advice... :P

Hello,

I'm not sure why using a Mozilla add-on would help but, okay. You will need to go back and look at the server logs and see exactly what was going on on the server. Some hosting providers will allow logs to be shown depending. If they will not let you have access to them; I would simply ask for there assistance. Meaning discribe what exactly happen so they can go back in the logs easiler and pin-point the issue. Most places do daily backups of there servers so they can transfer your data off the backup server and it should be good as news. However, it would be nice to know how and if your website was silent MySQL injection attack. If you where running alot of databases and using PHP then its very possible this happened. If you where running an XHMTL / CSS website with JavaScript and some PHP I find it very hard to believe that it was MySQL injected then. I hope I was helpful - best of luck.

hard to tell if it's already been done - but the best way to prevent it is to quickly go over your code (database calls) and check that dangerous characters are either being removed or converted. Also - use querystrings as little as possible.

PS: i found a table in my database that shouldn't be there. I looked at the table's creation date/time, then searched my web server log files for the table's name around that time/date. I found then which page and malicious query string had created the table. Also the IP etc which has now been blocked