Script kiddies do not know how to code, they only know how to use existing tools to create attacks. If they knew how to code, they would earn money with coding, not extortions.
How come those, who are using CloudFlare are vulnerable to this attack ? I think CloudFlare works well against DDOS ...is not it ?