DDoS attacks sound scary, and they really are unless you know how to protect yourself. Today’s article focuses on just that; we cover the methods and risks involved in distributed denial of service attacks, plus how to fight back using a VPN. We also present our favorite VPN providers proven to enhance your security online.
You’ve probably heard the term DDoS attack, but you might not be quite sure what it means. You might also be under the impression that DDoS attacks only affect big companies like Google or Apple. But in fact, these attacks can effect users of all kinds.
Hide your IP and protect yourself from DDoS attacks with these VPNs:
- NordVPN – Best vs. DDoS – NordVPN offers specialty servers fine-tuned to thwart DDoS attacks. And even if that server gets bogged down, you can always switch to another of NordVPN’s thousands of servers.
- Surfshark – Robust network with military-grade encryption and automatic obfuscation.
- ExpressVPN – Myriad leak protections, fast speeds, and rotating IPs make you a difficult target.
- PureVPN – Offers automatic DDoS protection which blocks unwarranted traffic and shields your IP.
Below, we’ll address the pressing question: “what is a DDoS attack, and how can I protect myself?”
What is a DDoS attack?
DDoS stands for Distributed Denial of Service, and it is a subtype of a denial of service attack. A DoS attack is when a server is deliberately targeted with very large numbers of requests, in order to block or crash the server. If you’ve ever tried to access a site at the same time as many other people – for example, to buy concert tickets or limited edition products just after they go on sale – then you’ll have seen that too many users will make a server slow right down or crash. In the case of a product launch, this crashing of the server is inadvertent. In a DoS attack, this same effect is achieved deliberately by targeting the server. The purpose is to make the target website go offline, either to cause hassle for the site administrator or to try to silence the site.
Typically, a DoS attack is fairly easy to stop. If a server sees that a huge number of requests are coming from one location – that is, the one person who is performing the DoS attack – then the server can simply block requests from that location. This will shut down the DoS attack.
DoS vs DDoS
So hackers who want to take down websites came up with a new method: the Distributed Denial of Service, or DDoS attack. In this method, the server is pelted with many requests to crash it, just like a DoS attack, but these requests come from multiple different locations. Instead of all requests coming from one IP address, the hacker uses multiple different machines in different places to hammer the server, making a DDoS attack much more difficult to protect from due to its decentralized nature.
There are various methods that hackers can use to access multiple machines in order to perform a DDoS attack. The most common method is to use a botnet, in which users’ machines are taken over and used without permission to perform the attack. A common way that devices become part of a botnet is when users install free ‘security software’ which actually compromises their security. Hackers can then buy access to a botnet and use these many devices in their DDoS attack to take a site down.
LEARN MORE: What is a botnet, and how do I stay safe?
What risks do DDoS attacks pose to ordinary users?
There are two separate issues you should be aware of regarding DDoS attacks as a user. The first issue is if you run a website or web service of your own. In this case, you need to protect the IP address that hosts your site from DDoS attacks. There are various methods that you can use to protect your site including finding a hosting service that offers specific DDoS protection to ensure that your site stays up even if someone tries to perform a DDoS attack on it.
The second issue you should be aware of is that you could be impacted by a DDoS attack even if you don’t have a website which you host. If you install the wrong software onto your device, your device could become part of a botnet and be used in DDoS attacks. Not only does this make you inadvertently part of a hacking operation aiming to take down a website, but it can also slow down your device and your internet connection. To avoid your device being used in a DDoS attack without your knowledge, follow our advice on how to avoid becoming part of a botnet.
You can be majorly impacted by a DDoS attack not only if you run a website, but also through other methods. It is possible to mount DDoS attacks against email inboxes and even phone numbers. The principle is the same in each case: discover the details of the target (usually an IP address, but it could also be a phone number or email address) then swap the server with so much data that the service fails. This kind of attack can effect users of all kinds.
RELATED READING: How to protect your identity with an anonymous email account
How can you protect yourself from DDoS attacks?
One method that can help both website owners and users who are concerned about their devices being used in a DDoS attack is to use a VPN service. A VPN service works by installing software onto your device which encrypts all of the data your device sends over the internet, and then routes this data via a server run by your VPN. This means that your device’s IP address is hidden, so no one can discover your real IP address. If no one knows your IP address, then they won’t be able to mount a DDoS attack against you. Further, using a VPN will improve your device’s security and make it much harder for hackers to access your device. If your device cannot be hacked, then it won’t be used as part of a DDoS attack.
VPNs with DDoS Protection
If you wanted to make absolutely sure that your IP address is safe from DDoS attacks, you’ll find that some VPN providers even have special anti DDoS servers. The DDoS mitigation techniques work by filtering out the traffic which is directed towards your IP address in order to protect you. Firstly, like other VPN servers, an anti DDoS server will hide your IP address so that when you are active online, sites and companies won’t be able to see your true IP address. Then, traffic which is directed towards your IP address is run through filtering software.
This filtering software analyses the origin and other metadata of incoming traffic to check whether it is valid. If the incoming traffic is valid – for example, a website returning data that you have requested through your browser – then it is allowed through the anti DDoS filter. However, if the incoming traffic looks suspicious – for example, coming at a very high volume at the same time from many different origins around the world – then it is detected as a possible DDoS attack and is not allowed through the filter. This means that traffic from bots which is malicious and aims to implement a DDoS attack is blocked, but legitimate traffic from actual human beings is allowed through as usual.
An advantage of using a VPN with DDoS protection is that you don’t have to change your current hoster. If you have a website hosted by a company that you like and want to keep, but that hoster doesn’t offer DDoS protection, then you can use a VPN to filter traffic to your site. This is quick to set up and much less hassle than finding a new hosting service which does offer DDoS protection and migrating your site over. Because legitimate traffic is allowed through the VPN anti DDoS filter, your visitors won’t notice any difference when visiting your website – but you can be confident that your site won’t be taken down by a DDoS attack.
Best VPNs to guard against DDoS attacks
If you’re looking for a VPN to protect you from DDoS attacks, then we’ve put together some recommendations for VPNs that will keep you and your devices safe:
If you’re looking for a VPN with the best standards of security and specific protections against DDoS, then we recommend NordVPN. This service offers special anti DDoS servers which you can connect to and which will filter incoming traffic to your IP address to protect you from DDoS attacks.
As well as these specific protections from DDoS, you’ll find a host of other security features included in the service too. Of course, the VPN uses the 256-bit encryption for a high level of protection and has a no logging policy to ensure your privacy. But there are many more options that the security minded user will appreciate, like the option to use a server with double encryption. This means that your data is sent to not one but two different servers and is encrypted at each one, for two layers of encryption in total. This makes it practically impossible for anyone to crack the encryption. There are also other special servers available like those for P2P downloads, onion over VPN, or dedicated IP.
The number of servers available has recently been expanded to form the biggest network yet, with more than 5,300 servers in some 60 countries. The software can be installed on devices running Windows, Mac OS, Linux, iOS, Chrome OS, Android, or Windows Phone.
Read our full NordVPN review.
- Very fast speeds make this a strong choice for 4K streaming
- GooglePlay users rating: 4.3/5.0
- 256-bit AES encryption with perfect forward secrecy
- Extra-secure Double VPN for data encryption
- Great customer service via chat.
- Sometimes slow in procesing refunds (but always do).
Surfshark is a spectacular all-around privacy tool, and will work well to shield you from DDoS attacks. The secret weapon is, of course, encryption–namely the same 256-AES-GCM cipher used to protect NSA servers. By establishing a secure link with this encryption via OpenVPN, IKEv2/IPSec, WireGuard, you’ll be able to effectively block out would-be attackers’ ability to target your IP.
There are over 3200 servers in 65 countries to route your data through, with the option for multi-hop routing as well. Surfshark is also capable of hiding your VPN traffic with Camouflage obfuscation, ramping up the difficulty of coordinating a DDoS attack against you to infinity.
And you never have to worry about leaving traces of your identity and activity behind, as Surfshark never keeps identifiable logs.
- Every server optimized for unblocking Netflix, BBC iPlayer, Hulu, and more
- Every server is a speciality server
- No questions asked money back guarantee
- Based in the British Virgin Islands, where there are no data retention laws
- Responsive customer support available 24/7.
- Growing network doesn’t have same coverage as more mature VPNs
- New-kid-on-the-block status may not instill same trust as larger providers.
Read our full Surfshark review.
ExpressVPN is a service you’ll see many lists of top VPN providers, and for good reason. It has a great balance of fast connections, a high level of security, and easy to use software that users love. Although it doesn’t have specific anti DDoS functions that users can enable, the service is very aware of DDoS issues and takes steps to ensure that users will be safe from DDoS.
Other key features of the service include lightning fast connections that are perfect for downloading large files or for streaming high definition videos, making the service very user friendly. And the security offered is excellent, with key features like 256-bit encryption and a no logging policy to protect your privacy. In addition, there are extra security options that can enable like a kill switch to cut your connection if the VPN goes down to prevent you accidentally sending data over an unsecured server, and DNS leak protection to make sure that your data remains fully anonymous.
The network of servers you’ll get access to is massive, with over 1000 servers in 145 locations in 94 different countries. This means that you’ll be able to access the internet freely and browse as if you were located anywhere in the world. The software can be installed on devices running Windows, Mac OS, Linux, and Android, and in addition there is also an option to use the browser extensions which are available for Google Chrome, Mozilla Firefox, and Apple Safari.
Read our full ExpressVPN review.
- SPECIAL OFFER: 3 months free (49% off - link below)
- Fast serves with minimal speed loss
- OpenVPN, IPSec & IKEv2 Encryption
- No logs for personal data
- 24/7 Live Chat.
- Expensive month-to-month plan.
For a VPN service that has a particular speciality in anti DDoS protection, you should look into PureVPN. They offer a DDoS protection service which works by protection a specific IP from DDoS attacks through careful use of filtering.
As well as this special anti DDoS service, you’ll find that the VPN has the essential security features like 256-bit encryption and a no logging policy. But there is even more security software for you to take advantage of included in the subscription as well as the VPN: features like anti virus and anti malware protection, plus an anti spam filter for your email inbox. There are options for app filtering so you can choose which apps pass their data through the VPN, plus DDoS protection, a kill switch, the option for a dedicated IP, and a NAT firewall.
The service uses fast connection speeds and has a reasonably sized server network of more than 2,000+ servers in 140 different countries. The software is available for Windows, Mac OS, Android, iOS, and Android TV devices, plus browser extensions for the Chrome and Firefox browsers.
Read our full PureVPN review.
DDoS attacks can effect users of all sorts, not just those who run websites. These co-ordinated attacks can disable sites or web services for periods of time, making servers slow or even taking them offline all together. In order to protect yourself from these kinds of attack, you should be careful with your IP address. If people do not know your IP, then they cannot target you with a DDoS attack.
We’ve listed some of our favourites VPN services to protect you from DDoS attacks and to keep your devices as safe as possible. Have you tried out these services? And have you ever been the target of a DDoS attack? Let us know about it in the comments below.
If you need a VPN for a short while when traveling for example, you can get our top ranked VPN free of charge. NordVPN includes a 30-day money-back guarantee. You will need to pay for the subscription, that’s a fact, but it allows full access for 30 days and then you cancel for a full refund. Their no-questions-asked cancellation policy lives up to its name.