diff --git a/index.js b/index.js
index 9f1d85b..770de0f 100644
--- a/index.js
+++ b/index.js
@@ -6,6 +6,7 @@ const fs = require("fs");
 const path = require("path");
 const cryptojs = require("crypto-js");
 const { Server } = require("socket.io");
+const rateLimit = require("express-rate-limit");
 
 require("dotenv").config();
 
@@ -13,6 +14,13 @@ const app = express(),
   server = require("http").createServer(app),
   io = new Server().listen(server);
 
+const limiter = rateLimit({
+  windowMs: 24 * 60 * 60 * 1000, // one day limit
+  max: 5,
+  standardHeaders: true,
+  legacyHeaders: false,
+});
+
 if (!fs.existsSync("./notes")) {
   fs.mkdirSync("./notes");
 }
@@ -57,7 +65,7 @@ io.on("connection", (socket) => {
 
 app.use(bodyParser.json());
 
-app.post("/publish", function (req, res) {
+app.post("/publish", limiter, function (req, res) {
   if (isValidNote(req.body)) {
     let hash = sha3(JSON.stringify(req.body));
     req.body.time = Date.now();
diff --git a/package-lock.json b/package-lock.json
index 9e1ff37..73607ea 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,6 +15,7 @@
         "crypto-js": "^4.1.1",
         "dotenv": "^16.0.3",
         "express": "^4.18.2",
+        "express-rate-limit": "^6.7.0",
         "fuse.js": "^6.6.2",
         "js-sha3": "^0.8.0",
         "openai": "^3.2.1",
@@ -2046,6 +2047,17 @@
         "node": ">= 0.10.0"
       }
     },
+    "node_modules/express-rate-limit": {
+      "version": "6.7.0",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.7.0.tgz",
+      "integrity": "sha512-vhwIdRoqcYB/72TK3tRZI+0ttS8Ytrk24GfmsxDXK9o9IhHNO5bXRiXQSExPQ4GbaE5tvIS7j1SGrxsuWs+sGA==",
+      "engines": {
+        "node": ">= 12.9.0"
+      },
+      "peerDependencies": {
+        "express": "^4 || ^5"
+      }
+    },
     "node_modules/express/node_modules/body-parser": {
       "version": "1.20.1",
       "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
@@ -7104,6 +7116,12 @@
         }
       }
     },
+    "express-rate-limit": {
+      "version": "6.7.0",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.7.0.tgz",
+      "integrity": "sha512-vhwIdRoqcYB/72TK3tRZI+0ttS8Ytrk24GfmsxDXK9o9IhHNO5bXRiXQSExPQ4GbaE5tvIS7j1SGrxsuWs+sGA==",
+      "requires": {}
+    },
     "extend": {
       "version": "3.0.2",
       "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
diff --git a/package.json b/package.json
index 5a81c79..0828244 100644
--- a/package.json
+++ b/package.json
@@ -18,6 +18,7 @@
     "crypto-js": "^4.1.1",
     "dotenv": "^16.0.3",
     "express": "^4.18.2",
+    "express-rate-limit": "^6.7.0",
     "fuse.js": "^6.6.2",
     "js-sha3": "^0.8.0",
     "openai": "^3.2.1",