mod_evasive. Be careful with how tightly you set the settings, though; it can cause real problems with image-heavy sites. Install csf and lfd on your server, and advanced mod_security filters.
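The tuning problem described above, as an added example (not part of the original post and not mod_evasive's own code): a simplified fixed-window model of the per-client counter behind `DOSSiteCount` / `DOSSiteInterval`, run over constructed access-log lines to show how one gallery page load can exceed a tight threshold. The log lines, IP addresses, threshold values and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined/common log format prefix: client IP and [timestamp]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def build_sample():
    """Constructed log: one browser fetching a page plus 60 images in the
    same second, and a second client making two requests 3 s apart."""
    fmt = '{ip} - - [10/Mar/2024:12:00:{s:02d} +0000] "GET {path} HTTP/1.1" 200 2048'
    lines = [fmt.format(ip="198.51.100.7", s=0, path="/gallery.html")]
    lines += [fmt.format(ip="198.51.100.7", s=0, path=f"/img/{i}.jpg")
              for i in range(60)]
    lines += [fmt.format(ip="203.0.113.9", s=s, path="/index.html")
              for s in (0, 3)]
    return lines

def simulate(lines, site_count, site_interval=1):
    """Return {ip: requests over the threshold} for a fixed-window counter.

    Simplified model (assumption): each client has one counter that resets
    once site_interval seconds have passed since the window started; a
    request is over the threshold when the counter exceeds site_count.
    """
    state = {}                    # ip -> (window_start, count)
    over = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip lines that are not access-log entries
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        start, count = state.get(ip, (ts, 0))
        if ts - start >= site_interval:
            start, count = ts, 0  # window expired: start a new one
        count += 1
        state[ip] = (start, count)
        if count > site_count:
            over[ip] += 1
    return dict(over)

if __name__ == "__main__":
    sample = build_sample()
    for threshold in (50, 100):   # constructed values to compare
        print(f"DOSSiteCount={threshold}: {simulate(sample, threshold)}")
```

Running the same function over a real access log before enabling the module shows which legitimate clients a candidate threshold would lock out.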
There's a company called Prolexic that specialises in helping you survive DDoS attacks. Basically, the guy who started it had an idea that he could buy up loads of bandwidth, transfer the target's IP address to his servers, filter out the DDoS and pass the normal traffic on to the original site. It worked really well, so he started an entire company based around that premise.

Generally, the way a DDoS (as opposed to a DoS) works is that they flood you with so many requests that the 1% of your traffic that are legitimate users are unlikely to get the website they want. If you can identify the offending packets cheaply and drop them, then you might be able to survive, but it's usually quite difficult to identify them as they often look like normal traffic and come from a large range of IP addresses.

Sometimes they will try to keep the TCP connection open so that no-one else can connect on that port for a few minutes until the connection times out. Lowering your TCP connection timeout value can help with this sort of attack.

Most likely, however, is that you won't have the processing power or bandwidth to deal with the problem yourself, and often the problem is not with your server but with the router just upstream from you. Most people, when confronted with a DDoS, call up their upstream provider and ask them to block the offending packets.