Let's Encrypt For DDOS attack


#1

Hello, I’m facing DDoS attack on my blog infogeekers. As I’m using Let’s encrypt on Digital Ocean, do I need to buy premium SSL to block a DDoS attack? I’m bit confused if DDoS has something to do with SSL.


#2

A different certificate probably doesn’t make any difference, at least not which provider issued the cert. What cán differ is the amount of CPU cycles used to set up a SSL connection, but the only thing related to the certificate, is the key length and/or key algorithm.


#3

In summary, no, a DDOS attack has very, very little to do with your certificate, or TLS/SSL at all. Chances are the changes mentioned above are a drop in the proverbial bucket if you’re suffering a DDOS attack. You should look into a service like Cloudflare that can help mitigate these quite effectively.


#5

I’m going for free cloudflare with dedicated Ssl now. Thanks for your response.


#6

I do notice you do provide instructions for breaking the law (illegal copies of movies/anime), so you may already be attracting unwanted attention.

Despite it still loading “direct connect” for me (nameserver changes take up to 48 hours) it seems to be loading plenty fast for me.


#8

Obviously, I know the basic Ddos attack. Even I used cloudflare to weed out bot traffic but that didn’t even work too. As I was asking for opinion, some suggested me to try out premium ssl.


#9

An SSL is not going to protect yours from a DDoS attack. If you are seeing an application or layer 7 attack, routing traffic through Cloudflare works in most cases. If it is a volumetric attack, thats a whole different story.


#10

You might have that the wrong way around :stuck_out_tongue: ? Cloudflare will block 100% of volumetric attacks (assuming origin isn’t revealed) but it’s very hard for any WAF to prevent people exploiting request/response cost asymmetry.


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.