They responded to you 7 minutes after discovering the irregular behavior. It's up to you to figure out the cause. It's not their responsibility to tail log files.

Had you chosen a VPS like amazon, you probably wouldn't even get notified. The first time you'd notice a problem is when you get your $1000 bandwidth bill from amazon.

You're like the customer that shows up at a restaurant and complains publicly about the food and demands a refund. When you make it a public issue, the company will move mountains to help you, but you're still an asshole for doing it.

They notified me what? They closed my account first and then mailed me after? It's like killing a man first and then saying the reason why.

If the account can reasonably be considered to be abusive (whether intentionally or because it was compromised), DigitalOcean has an even greater obligation to protect their network and the other network that's being targeted. Immediately suspending the account is the correct first step.

If DigitalOcean's support wasn't clear about their reasons for suspending the account, or if you feel that you weren't getting a helpful response from them, then post the communications you had with them to prove it.

Well, we've now heard two different stories. According to Ben, there were two events. The first time they took your server offline and contacted you to tell you about it, they did not however lock your account. When the second event occurred with you being unable to provide a reasonable explanation and apparently being unable to deal with whatever compromise occurred, they took the system down again and this time also locked your account.

Your explanation of the events only mentions a single occurrence, at which time your account was locked in addition to the server being shutdown.

In either case, a server engaging in malicious activity, is normally taken offline as soon as the malicious activity is discovered to prevent further damage from occurring. You'd get a similar response from just about any other hosting provider you care to name. If you're lucky, and they're feeling generous, they might work with you to find the problem prior to taking the system offline, but normally standard procedure is to take the system offline immediately. The fact that you seem surprised about this shows you don't have much experience administering your own servers.

The standard response usually goes something like:

1) Server is discovered doing something malicious

2) Server is taken offline/shutdown

3) Administrator is notified

3a) Read only copy of the old server HD is brought online on a new server to allow administrator to perform forensic and backup work*

4) Administrator must bring up new server to replace old compromised one

*Sometimes the provider will provide you the old HD image, sometimes not, really depends on the provider.

They basically killed the killer, 1gbit udp probably killed the website or servers of someone else.

Suspending account is an action reversable with sufficient cause, killing him is not.