Having had websites hacked in the past, I have now moved to using a lot more automated checks. I have found it useful to produce a daily email report of any files on the server that are added, deleted or modified in the last 24 hours. My next set of checks is to report any changes in the links on each website. This can be done using curl and PHP to basically create a spider and crawl the site from the outside. No doubt I will have to do more but these ones so far can help detect changes quickly after the event.