For serious accounts (in the 6 digits/year) absolutely not, unless the attack is large enough to affect other customers.
Admittedly RailsMachine looks very small, in all likelihood their pipe was rather easily clogged and they simply didn't have the choices that larger ISPs have.
> For serious accounts (in the 6 digits/year) absolutely not, unless the attack is large enough to affect other customers.
If it doesn't affect other customers, a hosting company won't act or even be aware, in most cases. They'll just send you a bill for the transfer. If someone attacks you and it impacts other customers, you get nulled. I'm aware of 7 digits/year and 8 digits/year accounts through industry anecdotes that have had machines nulled. The engineer operating the null doesn't say, "oh, that's X, maybe I shouldn't fix the network for my other customers".
There's a bit of middle ground between "sending a bill" and nulling.
I've been hit by two larger attacks in the past (GBit/s range) and the respective ISPs were both extremely supportive, switching our IPs while they tightened their filters. Neither billed us a dime despite our ingress spike making quite a bump in their charts and a lot of handholding over 2-3 days.
Nulling immediately is. You're also assuming that this is Pastie's first DoS attack, which we don't know based on the information presented to us.