It should not need a reboot to recover from this if that is indeed what’s happening. The service provider, the web server they host, or the forum engine itself (worst option) should detect this and have some kind of flood / ddos control to protect the resources of the application and decline those connections. I’m assuming that the forum isn’t self hosted (I help run one which is and you get a lot more control and lower ongoing costs then but also have to solve all your own problems

You don’t need legislation and likely won’t get global agreement and compliance. Distributed denial of service attacks have been doing this for decades deliberately and there are known defences (which do need adaptation over time)