How can we tell if the site was actually hacked?
It could be easy or it could be really hard, it really depends on what they have done to your site, your coding skills and how obvious it is. If you are not familiar with what the source code is supposed to look like the chances of you finding anything is slim. The easiest thing to do is delete your site and then upload your clean backup that you have saved on your home computer (you have one right??) Takes 10-20 minutes depending on your internet connection and then you know you have a clean site.
The first thing you need to do though is check the IP address where all the visits are coming from and see if you really do have a problem or not. For all you know it could be Google. Second if the IP block does look suspicious and they are not going to be customers of yours block them.
If you are using WP then you should do a few things to harden your site.
1. Setup a .htacess file in your admin directory and block all IP addresses except yours.
2. Change the default wp_ table prefix to something random.
3. Make sure the admin username is not visible anywhere on the site. Some templates make it visible by default so you may need to manually change the nicename field to match the display name instead of the username.
4. Change your admin username and passwords to something more secure. Multiple word usernames and a minimum 14 character password that includes special characters.
5. Look at the plugins you have installed, if you are not really using them then delete them. Same goes for extra themes.
6. Make sure your file permissions are correct so that write permissions are not given unless absolutely needed.
7. Instead of having your wp config file in your public html folder move it up one level to your home directory. You do not need to do anything special for wordpress to find it there it will look up one level by default if it does not find it in the public html folder. Removing it from the public html folder makes it much harder for anyone to access it.