Botnets have notoriously bad security. Many of the people running them have no technical knowledge and/or are using "cracked" versions of paid botnet software that are backdoored or intentionally left unsecured. A lot of the software is heavily modified or even left incomplete by the person that leaked it, leading to vulnerabilities open to anybody with some technical competence and the time to poke around a little.

Unrelated to this discussion, I must compliment you on your chosen handle. I used a variation of that back in the day during Half-Life and early Counter-Strike. Zero and everything hehe. Cheers.

Why? DDOSers are mostly dumb skids who rent botnets.

Pretty much everyone is very bad at security

Serial DDoSers tend to have about the same level of computer knowledge as your parents. They just buy/rent botnets or pre-made software and templates to spread botnets.

And that's for the people actually hosting the botnet or "booter" (which seems to be what the parent poster found). Most of the time, it's one more layer down: just some kids paying for the right to enter an IP to DDoS temporarily.