FlyerTalk Forums - View Single Post - Periodic FT issues (crash, Cloudflare, database errors) - DDoS attack, cf wiki
Jul 29, 2018, 6:17 am
  #82  
plunet
 
Join Date: Jan 2016
Location: LON
Programs: BAEC
Posts: 3,911
Cloudflare specialise in this kind of stuff. The "obnoxious" page could possibly be customisable, but probably at significant cost. I've seen that very same page put in front of high-profile banking sites previously. You will only see it when an attack is in progress; other times you just get switched through directly to the destination site.

The holding page typically needs to be hosted on separate (Cloudflare in this instance) infrastructure as (1) they have very big pipes to be able to absorb the sometimes massive traffic flows directed at targeted sites - these can typically be multi-gigabit sustained flows that would just congest and overwhelm the usual connection a site like FlyerTalk might have contracted to have in front of their website. Think of a traffic jam, but a very bad one; maybe FlyerTalk usually lives on a two-lane highway, but all of a sudden it needs a 20-lane freeway to bring the traffic to the front door, and even then it can't keep up.

And (2) the holding page will have some funky algorithms in it that can self-adjust dynamically based on what is being thrown at FlyerTalk and, I would suggest, other customers of Cloudflare. Many DDoS attacks attempt to overwhelm a website by making lots of connection requests but then never actually asking for a webpage. A bit like kids ringing your doorbell and then running off. Repeat many many many times each second. This is highly specialised stuff that needs to be outsourced to the specialists where they can aggregate their knowledge across multiple customers.

The attacks can go further into the web application itself, with all manner of ways to try to nobble the website itself - with damage and data loss - if the web application has any latent flaws in it. This can happen at any time, but when it's mixed up in the deluge of a wider attack, trying to defend yourself from the real nasty stuff when you can't see the wood through the trees is very difficult. Although not a silver bullet, the Cloudflare tech will assist with defeating many attempts to do nasty stuff to the web application itself. And I hasten to add that just because there is an attack there's no specific additional risk that data has been lost or compromised.

Where you had a contractual relationship with a site to provide a service, and they are extracting money from you for the provision of that site, then you would expect them to invest in appropriate protection. But FlyerTalk doesn't cost me anything apart from having adverts on the site, yet the owners are investing their money to keep their brand and web presence up on the net. It's their commercial decision but probably an honourable one, but there will be a significant dent in their income stream from adverts to pay for the DDoS mitigation.