DNS Hi-jack or Scripting Exploit?

garbage subdomains

         

laertes

1:46 pm on Oct 31, 2009 (gmt 0)



I have been seeing something troubling in my web logs in AWStats and raw server logs also confirm it, which looks like DNS hi-jacking, and was wondering if anyone knows what this is or how to prevent it. It seems like someone has gained control of my DNS to add junk subdomains.

In my logs I see referral traffic coming from URLs that look like: yevkklulksghfoejn.mydomain.com and wqwklqwoqpwqjjqwhudk.mydomain.com/page-on-my-site. It amounts to about 10 or so visits from each garbage subdomain, of which there look to be half a dozen per week. It is intermittent, happening only one or two days a week, at least so far.

Visiting the URL, the browser will show what seems like a redirect to or frame of the non-subdomain equivalent of my site, so this is not referrer spam, at least not the usual type. This is on an Apache server, shared host, and the site is built with Drupal.

So far my site has not lost any traffic, but I fear this could be the prelude to some sort of attempt to remove my site from the index via duplicate content. Any comments or advice would be appreciated as I’m not sure what category this falls in: DNS hijack or scripting exploit.

phranque

9:20 pm on Nov 1, 2009 (gmt 0)



Fix your server so that all wildcard subdomains are redirected to the canonical domain.
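
One way to implement the redirect suggested above on an Apache shared host, as an added example that is not part of the original thread. It is a `.htaccess` fragment for the document root and assumes that mod_rewrite is enabled, that `.htaccess` overrides are allowed, and that `www.mydomain.com` (a placeholder built on the poster's `mydomain.com`) served over plain HTTP is the canonical host.

```apache
# Added example: send every non-canonical hostname to the canonical one.
# Assumptions: mod_rewrite is enabled, .htaccess overrides are allowed,
# and www.mydomain.com over http:// is the canonical host (placeholder).
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Requests without a Host header (old HTTP/1.0 clients) have nothing
    # to compare against, so leave them alone.
    RewriteCond %{HTTP_HOST} !^$

    # Match any Host that is not exactly the canonical name. The optional
    # port keeps www.mydomain.com:80 from redirecting to itself, and [NC]
    # makes the comparison case-insensitive, as hostnames are.
    RewriteCond %{HTTP_HOST} !^www\.mydomain\.com(:[0-9]+)?$ [NC]

    # Permanent redirect to the same path on the canonical host. The
    # original query string is carried over automatically. This covers
    # the bare domain and any junk label such as
    # yevkklulksghfoejn.mydomain.com that a wildcard DNS record resolves.
    RewriteRule ^ http://www.mydomain.com%{REQUEST_URI} [R=301,L]
</IfModule>
```

In a Drupal site these lines need to sit above the rules that route requests to `index.php`, so the hostname check runs first.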