I have a new client whose domain I just inherited for webmastering and SEM.

She is a therapist who advertises her services locally here in the Los Angeles area and has had her domain for a few years.

Her site gets a sort of low level of traffic, as expected for a small private practice business, but I looked in the logs and found some weird things.

- 12% of traffic coming from Lithuania even though the site is pretty specifically geotargeted to Los Angeles
- The #1 domain in the referrer list was a spammy laptop offer site
- Said offer site shows up multiple times in the logs as a subdomain of many different "get a free domain"-type hosting locations.

I have a few questions, since I am relatively new to these type of issues:

1)Is there tangible damage that is being done here? It seems like a security breach or some kind of referer spam- but I don't know how to diagnose exactly or put a stop to it.
2)Has anyone else experienced this problem? I am noticing when I google the name of the subdomain that the only results on the SERP are priv_stats files from tons of disconnected domains. How to crack down on this type of thing?