We have a bunch of things set up that can help to handle DDoS traffic if it should ever happen (*knock wood*), and there are various providers and services that you can put in place to help mitigate, but in general, handling a DDoS attack is by nature reactive, not proactive -- unless you're a service that absolutely needs to be 100% available (like, I dunno, infrastructure that runs the power grid or something) it's better to put basic provisions into place and then work with your hosting providers to mitigate the excess malicious traffic if the worst should happen and you get hit. It's just not practical to keep DDoS mitigation in place all the time when it's only needed in absolute emergencies.

(Which means that yes, if we were to be hit with a bad enough DDoS, we'd be down for a while until we could get the traffic handled. But the same is true of most sites: you put things into place to handle a basic level of traffic spike -- which could be a DDoS or it could be a legitimate traffic increase! -- and put the big guns in place if they're needed.)

But we've had a large Russian userbase for a while now (which I think is awesome, I love loading the Latest Things page and seeing languages I don't speak much of -- it shows that our baby is growing up!) and, knock wood, there's been no signs of trouble. The DDoS attacks on LJ have been against a very specific set of journals, not "Russian-language journals" as a collective.