diff --git a/package-lock.json b/package-lock.json
index 939dca5..209b6a4 100755
--- a/package-lock.json
+++ b/package-lock.json
@@ -2122,6 +2122,14 @@
 }
 }
 },
+ "express-better-ratelimit": {
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/express-better-ratelimit/-/express-better-ratelimit-1.1.2.tgz",
+ "integrity": "sha1-quiTO4NhyvPyY2cMGuz5eJby6dw=",
+ "requires": {
+ "ipchecker": "0.0.2"
+ }
+ },
 "extend": {
 "version": "3.0.1",
 "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.1.tgz",
@@ -3676,6 +3684,11 @@
 "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.5.2.tgz",
 "integrity": "sha1-1LUFvemUaYfM8PxY2QEP+WB+P6A="
 },
+ "ipchecker": {
+ "version": "0.0.2",
+ "resolved": "https://registry.npmjs.org/ipchecker/-/ipchecker-0.0.2.tgz",
+ "integrity": "sha1-lgbr97s80jQZsUmnBOF8FTLwtnk="
+ },
 "is-absolute-url": {
 "version": "2.1.0",
 "resolved": "https://registry.npmjs.org/is-absolute-url/-/is-absolute-url-2.1.0.tgz",
diff --git a/package.json b/package.json
index 57cbb85..aaaa1d1 100755
--- a/package.json
+++ b/package.json
@@ -12,6 +12,7 @@
 "css-loader": "^0.28.7",
 "debug": "^2.6.9",
 "express": "^4.15.5",
+ "express-better-ratelimit": "^1.1.2",
 "helmet": "^3.12.0",
 "jquery": "^3.2.1",
 "load-google-maps-api": "^1.0.0",
diff --git a/server.js b/server.js
index 4b87a75..2291650 100755
--- a/server.js
+++ b/server.js
@@ -3,6 +3,7 @@
 /* IMPORTS */
 const express = require('express')
 const helmet = require('helmet')
+const ratelimiter = require('express-better-ratelimit')
 const bodyParser = require('body-parser')
 const cookieParser = require('cookie-parser')
 const cookieSession = require('cookie-session')
@@ -72,6 +73,10 @@ let ready_promise_list = []
 extended: true
 }))
 app.use(flash())
+ app.use(ratelimiter({
+ max: 20,
+ duration: 120000, // 2 minutes
+ }))
 }
 /* Auth */ {
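Review bot: The `express-better-ratelimit` entry added to package.json becomes a security control on the request path, and the lockfile shows it pulling in `ipchecker` at `0.0.2`, so both packages deserve a maintenance and audit check before merge rather than being taken on trust. The caret range `^1.1.2` lets an install that ignores the lockfile pick up any later 1.x release; installing from the lockfile in CI and deployment (`npm ci`) keeps the reviewed versions in place.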
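Review bot: In server.js the limiter is registered after `app.use(flash())` and after the parser whose options end at `extended: true`, so a client that is already over the limit still has its request body parsed before it is rejected; registering `app.use(ratelimiter({ max: 20, duration: 120000 }))` ahead of the parsers (that code is above this hunk) would turn such requests away first. The limit appears to be keyed on client IP (the package depends on `ipchecker`), so if this server runs behind a reverse proxy it is worth confirming which address the middleware reads: keyed on the proxy's address, every user shares one budget of 20 requests per 2 minutes, and keyed on an unvalidated forwarded header the limit stops being meaningful. A single app-wide budget of 20 also counts every route mounted after this line, so a tight limit scoped to the routes under `/* Auth */` plus a looser global one may fit better. The enclosing block starts above the hunk.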