I edited above that both busy.org and steemit.com were DDoS attacked, but some other sites worked and services using nodes directly such as exchanges were up.
Are you telling me the design of these sites is loading data from the blockchain by way of passing through the centralized website instead of directly to the client via a WebSocket?
That does not make any sense!
The website for busy.org was loading just fine. It was the user data from the blockchain that was not working. Thus I logically concluded that the blockchain nodes which serve data were DDoSed.
Are you saying that there is centralized caching of the data? So that would be design flaw.
websockets connect to a web server (a websocket server is a web server, by definition).
That is the point where it gets DDoSed. The static web content (javascript code, etc.) is much harder easier to serve up and harder to DDoS.
There's no 'centralized' caching of data in the sense that anyone can run their own web server and a node and it doesn't rely on any other.
It is also possible to just run a client that doesn't rely on a remote web server for UI although unless you are also running a node you will be relying on a remote web server for the web socket and susceptible to DDoS. Some people have done the former and avoid all interruptions related to web servers and web services, although there isn't any user friendly way to do that (requires installing all of the front and back end software yourself).