In order to redirect your traffic, malicious persons would either have to change your WHOIS (nameservers) and DNS settings in order to steal your traffic at the network layer - or they'd have to add rewrite rules, for example, to your apache.
What usually happens, and what I think you may be referring to, is that these malicious persons inject content into your website (such as adding javascript or iframes to textual content in a database or even directly into webpages themselves) which causes the user to request a resource from a malicious website when they visit yours. This resource is usually some kind of script which eventually attempts to exploit unpatched vulnerabilites in the users software (such as flash player, adobe reader, and so on) or it may simply be a way to defraud pay-per-click systems to make money.
Because the malicious resource is usually requested directly by the user the ways to determine whether this is happening to your users might be:
1) browse your website and monitor the requests your browser makes using a tool such as
http://wireshark.org or use firefox along with the Tamper Data
https://addons.mozilla.org/en-US/firefox/addon/966 add on. Either of these tools allow you to see what requests are being made by your web browser and you can identify any requests going to a site other than your own.
2) audit your website and any associated database for content you don't recognise such as added javascript, iframes and so on.
You should ensure that your website and the VPS are securely configured and that the website is periodically tested for vulnerabilities that might allow a malicious person to perform actions on your website that you would not wish them to.
