Every server out there has an attack vector of some sort. Then it's all up to the patience and skill of the attacker.
The real question here is: are you able to figure out what and how is hitting you?
If the answer is yes then you can establish some sort of countermeasure. Even if it involves some discomfort for your users.
There has been layer 7 attacks always, so you need to be more specific or provide tcpdump logs.
As of recently, new methods of ddosing servers have been found out. The problem is, there isn't actually a "way to protect" for everybody.
The new attacks are based on layer 7, which the freebsd's PF and IPFW does not support unfortunately. Other then creating a reverse proxy for the server, which could filter out the ips, is there any alternative method?
After also testing on multiple servers, it seems that even the bigger servers have problems with it, if somebody decides to pay 100 euro for a stresser subscription with layer 7 methods, it can be bad.