It isn't nearly that simple- they'd have to create the custom front end and get everyone to use it. I doubt one person constantly hitting the site would have any issue, it's the combination of all of his users doing it that caused the problem.
Yeah, but if you want to do a DDOS attack you can just use one of the already configured tools out there that will bombard the server with as many requests as possible. A few chained ajax requests are never going to replicate that sort of load.
