DDoS attacks aren't hacks, it's very important to understand that fundamental fact first. It is essentially "Baby Terrorist's First Cyber Attack". And while there are ways to mitigate the problem, it is often something that really can't be handled server- or client-side.

To understand what a DDoS attack is, it's best to use a real life analogy. Say we're in a factory making parts for different cars. In this case, you have a machine that is packing a part in a box and is constantly fed parts at a regular pace. Sometimes there will be slight surges but there are conveyer belts and limiting funnels that keep the machine working at a regular pace. The factory is the entirety of the internet. The part fabricators are basically users like you and me. The machine, in this case, is the Square Enix FFXIV servers, the boxes being shipped out are server-to-client interactions, and the parts being are packets of data. When things get congested the belts and funnels will back up the line but will for the most part keep the machine working on pace. This would take the form of login queues for us.

Now lets say that a disgruntled employee has just been fired, but knows how to reroute parts from the entire factory to this one machine. Said employee, in a spiteful rage, decides to do so. The managers and staff manage to stop the sudden surge of parts on this one line but now the machine is horribly backed up and filled with parts that are either not meant for this line or are junk. Employees now need to sift through the parts to find what is supposed to be on this line, which could mean the machine is turned off while things get fixed. The work on this one line has ground to a halt because there is just too many parts for this machine to sift through, package, and ship.

This is essentially what is happening. Script kiddies essentially caused infected and dummy computers to send ping after ping after ping in a massive flood of information to a server, and the server has no way to figure out what's good and what's not simply because there's way, way, WAY too much of it. ISPs can shut down these attacks somewhat quickly as sources often just ping unendingly, making them easy to pick out, but ultimately, once the attack starts it can be devastating, as we have seen.