Are they attacking the mysql server directly or using one of the insecure php scripts you have in your server?
If it is the former case, make sure that you don't have wild card entries under the hostname allowed for the database. If it is through some insecure php scripts, update the scripts, tighten php by disabling dangerous functions and install mod_security. These will add extra layers of security.
If you do not know how to do it, hire some good admin to do it.