Former elearning admin
Yup it happens, as does the tap on shoulder of skiddy and explaining how the proxy catches all
Quite why they would bother with a DDoS other than being newbs i dunno, just have a look at the remote execution or poison zip file attacks all elearning platforms have if you want to do real fun...
Probably patched now, but moodle had a great recursive bug where it was possible to place a reference to the zip file it was creating with a predictive name and include it in itself, boxes within boxes 5 hours later no resources left on box and progressive degradation of service, even better if the skiddy passes his "hack" around class
Then again security is single ply bog roll thin layer in most elearning shiteware, often needing to run as root due to hardocoded group memebership expectation and needing full read write access to directories well outside of the user storage space