If it was an SQL injection attack they're screwed after the first attack. If there was a vulnerability in the code of the site it wouldn't make a difference to put up the same vulnerable code from a backup. It can take a week to review bad code and find the problem and rewrite it so it doesn't happen again, especially if it has to be done by someone new to the code, even someone competent. If the email server is written into the site by the same person, as is often the case on a site where everything is web based, the email would go down for the count in the first punch as well. It's not something you can turn on again because once a vulnerability is found its as if someone has a key to your site and you have to change all the locks.
It could have been done, probably was done, by any script kiddie hitting sites at random with someone elses publicly available injector script. For almost all DOS attacks there is no vast conspiracy. Any site expecting to do any volume by default is responsible for wearing clothes in 20 below winter weather (no other way to say it.) Some 18 year old hacker wanna-be decided to try to hit the site and wow man that was cool.
It still could be a DOS attack.
An SQL injection attack is a DOS attack. Flooding is not the only way to bring down a site. The right way is to also do something that will bottle up the server. An effective injection will do that, and cripple it for days, because the code needs to be fixed.
This explains how Joes site is still the only one down on the server.
They're idiots for putting so little into their site. It's noone elses fault but their own because in theres lots of nasty things in those tubes all the time. But bandwidth is only a partial issue.
Again, an SQL injection can cripple the site for days, because it is the code that needs to be patched to fix the injection vulnerability. Injections can lock up the site, and all it takes is one packet with the injection to get through once it has been discovered. That is why the site is still down, IMHO. Bringing a new coder in to read thousands of lines of code, probably poorly written and incomprehensible in this case, will not help this week, and certainly not today. Thanks anyways Ned.
To say that server accessibility is just about bandwidth and loads is not honest. More than 80% of a sites vulnerability issues are in it's coding. Based on what leiberman spent on bandwidth we can expect that the coding is even more crappier, because as seen on this site, most people think it is about bandwidth.