Traffic logs to specific databases are not a standard part of MSSQL logging. The connection to the database must be "authenticated" to view or change the data. The connection made to the database server and to a specific database would usually have been initiated from your application site unless the username and password were compromised, in which case should be changed right away.

The best way to prevent un-wanted access is properly secure your application against all SQL injection attacks by using application design best practices.

In addition limiting key areas (like the admin panel of your applcation) that will have un-restricted database access to a group of IP addresses.

Finally, you can examine the web-logs for your site by FTP, they are located in the following folder "\logs\W3SVC####". If you are un-able to access them please contact support.

Protect your application from SQL Injection Attacks