The money a class pays for their access codes could finance a couple of years of DDoS instead.
Edit: Not really. Seems like a common DDoS attack costs about $20 per hour, and an access code costs about $100 USD. Each student could buy about 5 hours of DDoS.
You don't need to black out the platform for years.
If you covered one or two critical weeks (say the weeks just before and during final exams and midterms), per semester, you're looking at 672 hours of downtime or less. Even a large availability loss-- say, down 50% of the time in peak hours-- would be enough to make the program look risky and fragile.
Edit: Not really. Seems like a common DDoS attack costs about $20 per hour, and an access code costs about $100 USD. Each student could buy about 5 hours of DDoS.