How many CC clients ip per second ?
I faced the same attacked issue as you said .
Nginx software firewall is not enough if too many access , I have implemented a LUA-script firewall inside the nginx configuration for forbidding the unwanted clients , But nginx itself been flood sonly.
You need to buy a big firewall in front and write the anti-attack rule inside the firewall . Then the firewall could clean the requests basic on your rules .I have a firewall on Amazon PLatform now and I can create a firewall proxy for you (A nginx server in front of your service for defending the attacks ).