Honest answer: Delete it and get off the net. Probably not the answer you;re looking for though. How about we start off with some specifics as to what OS you;re running for your server and how much specific control you have over it.
CSF (linux) provides some protection if the attack is coming from one, or a very small number of IPs but if they're using a botnet (most common method of attack) it will be useless as the attack will come from likely hundreds of IPs from all over the world. CSF protects by banning IPs when they connect too frequently. It's generally said that using CSF will cause more problems for your legit users as it's likely to ban users when they use connection intense protocols like FTP, HTTP, IMAP, etc. Since it won't protect against botnet attacks its generally discouraged to use CSF for that kind of protection. Your best bet would be a hardware firewall (OS independent) but those get expensive quick and you have to have some sort of access to the network topology or at least a tech at your datacenter wiling to install it for you. Otherwise, you're mostly out of luck. DOS is very hard to protect against cheaply. Once an attack starts though, if you can, you can suspend the account that is being targeted until the attack stops then unsuspend the account. Unfortunately that's about all you can do.
hw firewall won't help if it's a *real* ddos. Best option is to checkout providers who offer ddos protection, like Staminus Gigenet or Sharktech.