1. Home
  2. VPN / Privacy
We are reader supported and may earn a commission when you buy through links on our site. Learn more

What Is a DDoS Attack, And How to Protect Myself

DDoS attacks sound scary, and they really are unless you know how to protect yourself. Today’s article focuses on just that; we cover the methods and risks involved in distributed denial of service attacks, plus how to fight back using a VPN. We also present our favorite VPN providers proven to enhance your security online.

You’ve probably heard the term DDoS attack, but you might not be quite sure what it means. You might also be under the impression that DDoS attacks only affect big companies like Google or Apple. But in fact, these attacks can effect users of all kinds.

Hide your IP and protect yourself from DDoS attacks with these VPNs:

  1. NordVPNBest vs. DDoS – NordVPN offers specialty servers fine-tuned to thwart DDoS attacks. And even if that server gets bogged down, you can always switch to another of NordVPN’s thousands of servers.
  2. Surfshark – Robust network with military-grade encryption and automatic obfuscation.
  3. ExpressVPN – Myriad leak protections, fast speeds, and rotating IPs make you a difficult target.
  4. PureVPN – Offers automatic DDoS protection which blocks unwarranted traffic and shields your IP.

Below, we’ll address the pressing question: “what is a DDoS attack, and how can I protect myself?

What is a DDoS attack?

DDoS stands for Distributed Denial of Service, and it is a subtype of a denial of service attack. A DoS attack is when a server is deliberately targeted with very large numbers of requests, in order to block or crash the server. If you’ve ever tried to access a site at the same time as many other people – for example, to buy concert tickets or limited edition products just after they go on sale – then you’ll have seen that too many users will make a server slow right down or crash. In the case of a product launch, this crashing of the server is inadvertent. In a DoS attack, this same effect is achieved deliberately by targeting the server. The purpose is to make the target website go offline, either to cause hassle for the site administrator or to try to silence the site.

Typically, a DoS attack is fairly easy to stop. If a server sees that a huge number of requests are coming from one location – that is, the one person who is performing the DoS attack – then the server can simply block requests from that location. This will shut down the DoS attack.

DoS vs DDoS

So hackers who want to take down websites came up with a new method: the Distributed Denial of Service, or DDoS attack. In this method, the server is pelted with many requests to crash it, just like a DoS attack, but these requests come from multiple different locations. Instead of all requests coming from one IP address, the hacker uses multiple different machines in different places to hammer the server, making a DDoS attack much more difficult to protect from due to its decentralized nature.

There are various methods that hackers can use to access multiple machines in order to perform a DDoS attack. The most common method is to use a botnet, in which users’ machines are taken over and used without permission to perform the attack. A common way that devices become part of a botnet is when users install free ‘security software’ which actually compromises their security. Hackers can then buy access to a botnet and use these many devices in their DDoS attack to take a site down.

LEARN MORE: What is a botnet, and how do I stay safe?

What risks do DDoS attacks pose to ordinary users?

There are two separate issues you should be aware of regarding DDoS attacks as a user. The first issue is if you run a website or web service of your own. In this case, you need to protect the IP address that hosts your site from DDoS attacks. There are various methods that you can use to protect your site including finding a hosting service that offers specific DDoS protection to ensure that your site stays up even if someone tries to perform a DDoS attack on it.

The second issue you should be aware of is that you could be impacted by a DDoS attack even if you don’t have a website which you host. If you install the wrong software onto your device, your device could become part of a botnet and be used in DDoS attacks. Not only does this make you inadvertently part of a hacking operation aiming to take down a website, but it can also slow down your device and your internet connection. To avoid your device being used in a DDoS attack without your knowledge, follow our advice on how to avoid becoming part of a botnet.

You can be majorly impacted by a DDoS attack not only if you run a website, but also through other methods. It is possible to mount DDoS attacks against email inboxes and even phone numbers. The principle is the same in each case: discover the details of the target (usually an IP address, but it could also be a phone number or email address) then swap the server with so much data that the service fails. This kind of attack can effect users of all kinds.

RELATED READING: How to protect your identity with an anonymous email account

How can you protect yourself from DDoS attacks?

One method that can help both website owners and users who are concerned about their devices being used in a DDoS attack is to use a VPN service. A VPN service works by installing software onto your device which encrypts all of the data your device sends over the internet, and then routes this data via a server run by your VPN. This means that your device’s IP address is hidden, so no one can discover your real IP address. If no one knows your IP address, then they won’t be able to mount a DDoS attack against you. Further, using a VPN will improve your device’s security and make it much harder for hackers to access your device. If your device cannot be hacked, then it won’t be used as part of a DDoS attack.

VPNs with DDoS Protection

If you wanted to make absolutely sure that your IP address is safe from DDoS attacks, you’ll find that some VPN providers even have special anti DDoS servers. The DDoS mitigation techniques work by filtering out the traffic which is directed towards your IP address in order to protect you. Firstly, like other VPN servers, an anti DDoS server will hide your IP address so that when you are active online, sites and companies won’t be able to see your true IP address. Then, traffic which is directed towards your IP address is run through filtering software.

This filtering software analyses the origin and other metadata of incoming traffic to check whether it is valid. If the incoming traffic is valid – for example, a website returning data that you have requested through your browser – then it is allowed through the anti DDoS filter. However, if the incoming traffic looks suspicious – for example, coming at a very high volume at the same time from many different origins around the world – then it is detected as a possible DDoS attack and is not allowed through the filter. This means that traffic from bots which is malicious and aims to implement a DDoS attack is blocked, but legitimate traffic from actual human beings is allowed through as usual.

An example of a VPN that offers desirable features against DDoS attacks – PureVPN

An advantage of using a VPN with DDoS protection is that you don’t have to change your current hoster. If you have a website hosted by a company that you like and want to keep, but that hoster doesn’t offer DDoS protection, then you can use a VPN to filter traffic to your site. This is quick to set up and much less hassle than finding a new hosting service which does offer DDoS protection and migrating your site over. Because legitimate traffic is allowed through the VPN anti DDoS filter, your visitors won’t notice any difference when visiting your website – but you can be confident that your site won’t be taken down by a DDoS attack.

Best VPNs to guard against DDoS attacks

If you’re looking for a VPN to protect you from DDoS attacks, then we’ve put together some recommendations for VPNs that will keep you and your devices safe:

1. NordVPN

NordVPN - Editors choice

If you’re looking for a VPN with the best standards of security and specific protections against DDoS, then we recommend NordVPN. This service offers special anti DDoS servers which you can connect to and which will filter incoming traffic to your IP address to protect you from DDoS attacks.

As well as these specific protections from DDoS, you’ll find a host of other security features included in the service too. Of course, the VPN uses the 256-bit encryption for a high level of protection and has a no logging policy to ensure your privacy. But there are many more options that the security minded user will appreciate, like the option to use a server with double encryption. This means that your data is sent to not one but two different servers and is encrypted at each one, for two layers of encryption in total. This makes it practically impossible for anyone to crack the encryption. There are also other special servers available like those for P2P downloads, onion over VPN, or dedicated IP.

The number of servers available has recently been expanded to form the biggest network yet, with more than 5,300 servers in some 60 countries. The software can be installed on devices running Windows, Mac OS, Linux, iOS, Chrome OS, Android, or Windows Phone.

Read our full NordVPN review.

  • Very fast speeds make this a strong choice for 4K streaming
  • GooglePlay users rating: 4.3/5.0
  • 256-bit AES encryption with perfect forward secrecy
  • Extra-secure Double VPN for data encryption
  • Great customer service via chat.
  • Sometimes slow in procesing refunds (but always do).
BEST DDOS PROTECTION: NordVPN is dedicated to protecting its users vs DDoS and other cybersecurity attacks, with specialized servers optimized for anonymity. Get a huge 70% discount on the 3-year plan ($3.49/mo), backed by a hassle-free 30-day money-back guarantee.

2. Surfshark

Surfshark VPN

Surfshark is a spectacular all-around privacy tool, and will work well to shield you from DDoS attacks. The secret weapon is, of course, encryption–namely the same 256-AES-GCM cipher used to protect NSA servers. By establishing a secure link with this encryption via OpenVPN, IKEv2/IPSec, WireGuard, you’ll be able to effectively block out would-be attackers’ ability to target your IP.

There are over 3200 servers in 65 countries to route your data through, with the option for multi-hop routing as well. Surfshark is also capable of hiding your VPN traffic with Camouflage obfuscation, ramping up the difficulty of coordinating a DDoS attack against you to infinity.

And you never have to worry about leaving traces of your identity and activity behind, as Surfshark never keeps identifiable logs.

  • Every server optimized for unblocking Netflix, BBC iPlayer, Hulu, and more
  • All 800+ servers are P2P-friendly, with private DNS and obfuscation
  • Accepts cryptocurrency payments for enhanced anonymity
  • Absolutely no logging of connection data, IP addresses, bandwidth used, or traffic
  • Get help any time of day via email, phone, or live chat.
  • Server network is not nearly as expansive as major competitors
  • Apps don’t allow for much manual fiddling for power users.

Read our full Surfshark review.

BEST BUDGET OPTION: Surfshark’s powerful encryption and obfuscation effectively shield you from DDoS targeting. Get 83% off a two-year plan + 3 months FREE for just $2.21 per month.

3. ExpressVPN


ExpressVPN is a service you’ll see many lists of top VPN providers, and for good reason. It has a great balance of fast connections, a high level of security, and easy to use software that users love. Although it doesn’t have specific anti DDoS functions that users can enable, the service is very aware of DDoS issues and takes steps to ensure that users will be safe from DDoS.

Other key features of the service include lightning fast connections that are perfect for downloading large files or for streaming high definition videos, making the service very user friendly. And the security offered is excellent, with key features like 256-bit encryption and a no logging policy to protect your privacy. In addition, there are extra security options that can enable like a kill switch to cut your connection if the VPN goes down to prevent you accidentally sending data over an unsecured server, and DNS leak protection to make sure that your data remains fully anonymous.

The network of servers you’ll get access to is massive, with over 1000 servers in 145 locations in 94 different countries. This means that you’ll be able to access the internet freely and browse as if you were located anywhere in the world. The software can be installed on devices running Windows, Mac OS, Linux, and Android, and in addition there is also an option to use the browser extensions which are available for Google Chrome, Mozilla Firefox, and Apple Safari.

Read our full ExpressVPN review.

  • SPECIAL OFFER: 3 months free (49% off - link below)
  • Fast serves with minimal speed loss
  • OpenVPN, IPSec & IKEv2 Encryption
  • No logs for personal data
  • 24/7 Live Chat.
  • Expensive month-to-month plan.
GREAT ALL-ROUNDER: Get 3 months free and save 49% on the annual plan. 30-day money back guarantee included.

4. PureVPN


For a VPN service that has a particular speciality in anti DDoS protection, you should look into PureVPN. They offer a DDoS protection service which works by protection a specific IP from DDoS attacks through careful use of filtering.

As well as this special anti DDoS service, you’ll find that the VPN has the essential security features like 256-bit encryption and a no logging policy. But there is even more security software for you to take advantage of included in the subscription as well as the VPN: features like anti virus and anti malware protection, plus an anti spam filter for your email inbox. There are options for app filtering so you can choose which apps pass their data through the VPN, plus DDoS protection, a kill switch, the option for a dedicated IP, and a NAT firewall.

The service uses fast connection speeds and has a reasonably sized server network of more than 2,000+ servers in 140 different countries. The software is available for Windows, Mac OS, Android, iOS, and Android TV devices, plus browser extensions for the Chrome and Firefox browsers.

Read our full PureVPN review.

READER SPECIAL: Save a massive 74% here on the 2-year plan, just $2.88/mo with a 31-day money back guarantee.


DDoS attacks can effect users of all sorts, not just those who run websites. These co-ordinated attacks can disable sites or web services for periods of time, making servers slow or even taking them offline all together. In order to protect yourself from these kinds of attack, you should be careful with your IP address. If people do not know your IP, then they cannot target you with a DDoS attack.

We’ve listed some of our favourites VPN services to protect you from DDoS attacks and to keep your devices as safe as possible. Have you tried out these services? And have you ever been the target of a DDoS attack? Let us know about it in the comments below.

How to get a FREE VPN for 30 days

If you need a VPN for a short while when traveling for example, you can get our top ranked VPN free of charge. NordVPN includes a 30-day money-back guarantee. You will need to pay for the subscription, that’s a fact, but it allows full access for 30 days and then you cancel for a full refund. Their no-questions-asked cancellation policy lives up to its name.


  1. This “ads” posted as legitim articles are becoming a little annoying. A VPN cannot protect a website from attacks, what this article is misleading.
    A VPN also cannot protect a infected computer (already in a botnet used to do DDoS attacks) to do such thing. If the computer is infected and part of a botnet, VPN will do NOTHING.
    This article is leading users to think that a VPN will safe (somehow) a website froma attack. How is that possible? I mean, the only point of this article is promote the “already banner infestion” of partners from this website, and have been increasing every day… Get back to the old good days when there was useful info posted, please…

    • Actually you’re somewhat wrong 🙂

      “In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.”. We’re not saying that webmasters should have a VPN to protect their websites. We’re saying that people should use a VPN to protect their true IP/identity. That way people won’t be able to attack your machine directly if they don’t know where you “live”.

      Makes sense now?

    • Still, that isn’t the point… 🙂
      There are points that doesn’t make sense in this article. First, no one will do a DDoS to a residential IP address. There is no point in doing that (and even to companies with dedicated Ips for they connections). The point of almost all DDoS attacks is cause some kind of trouble to a service/network (like a server). Attack a single home computer, sure, can cause slowdowns, but what is the point of that? I don’t remember of any reported case of that happend (but let me know if exist, is interesting to see) and i don’t belive a single person will waste resources (and money) to do a attack to a single home computer. That makes no sense at all.
      Also, those kinds of attacks can cause more troubles is to the ISP, not the customer.The attack will be to the ISP infrastructure mostly, and that can cause problems – yes – but isn’t because you are using a VPN that will avoid that…
      Still, the article says that a VPN will protect the users – that’s true and i agree that we should use one. But protect from a DDoS? No.
      The only point in this is promote the affiliates… 🙂

  2. I’m running a small website and didn’t know of such thing. Been using Nordvpn for safer browsing and am happy with it 🙂 But thanks for a very informative article

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.