I think that is a good place to be. It's more about Server Management than MySQL though.
In my experience of being hacked, the hackers generally don't damage anything, they just do it for 'fun', then brag to their friends, give links etc.
But they frequently leave at least 1 'payload' behind. There are at least 3 types.
I cannot recommend a single utility to look for all this kind of stuff. Over the years I have just learned Linux command line commands to look for the signs and get rid of them.
As a general rule of thumb you need to search for files that have been created/modified since the date/timestamp of when you think that the attack took place. The hackers target files/folders that are world writable, and that they can access through a URL. Such files have normally been created/modified by a script they have managed to upload through an exploit, and (since the script runs as a URL) the files normally belong to user apache, group apache.
Edit: The best way to find out how they got in is to look in your server access and error logs.
[*]Edit some of your web pages so they are serving up ads/adware/malware/viruses to your visitors
[*]leave an IRC bot running so they can use your mail server to generate spam
[*]leave a 'rootkit' behind (for example r57shell.php) so that they can easily get back onto your server after you have plugged the exploit.