diff --git a/app.js b/app.js index 8b20e79..e2372ce 100644 --- a/app.js +++ b/app.js @@ -56,6 +56,7 @@ app.use(passport.initialize()); app.use(passport.session()); + // Periodically attempt to reconnect every 10 minutes cron.schedule('*/10 * * * *', async () => { console.log('Attempting to reconnect to the database...'); @@ -69,6 +70,20 @@ app.use(attachPendingRequestCount); app.use(attachPendingBetsCount); app.use(setAdminStatus); +// Set up rate limiter: maximum of 100 requests per 15 minutes +var RateLimit = require('express-rate-limit'); +var limiter = RateLimit({ + windowMs: 15 * 60 * 1000, // 15 minutes + max: 250, // max 100 requests per windowMs +}); + + +app.set('view engine', 'ejs'); +app.use(express.static('public')); + +// Apply rate limiter to all requests +app.use(limiter); + app.use(require('./routes/auth')); app.use(require('./routes/index')); app.use(isAuthenticated, require('./routes/dashboard')); @@ -78,8 +93,7 @@ app.use('/bak', isAuthenticated, require('./routes/bak')); app.use('/bak-getrokken', isAuthenticated, require('./routes/bakGetrokken')); app.use('/admin', isAuthenticated, isAdmin, require('./routes/admin')); -app.set('view engine', 'ejs'); -app.use(express.static('public')); + app.use(function (req, res, next) { res.status(404).render('error/404'); diff --git a/package-lock.json b/package-lock.json index 426c470..31c2444 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,6 +14,7 @@ "dotenv": "^16.4.5", "ejs": "^3.1.9", "express": "^4.18.3", + "express-rate-limit": "^7.2.0", "express-session": "^1.18.0", "lusca": "^1.7.0", "mssql": "^10.0.2", 
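Review bot: Both new comments in the rate-limiter hunk say 100 requests per window while the option actually enforced is `max: 250`; reconcile one side, e.g. `// Set up rate limiter: maximum of 250 requests per 15 minutes` and `max: 250, // max 250 requests per windowMs`, so a reader does not trust the wrong number. express-rate-limit buckets clients by `req.ip`, so if this app runs behind a reverse proxy and `app.set('trust proxy', ...)` is not configured (nothing in this hunk shows it either way), every visitor shares one bucket and a single client can exhaust the limit for the whole site, while a blanket `trust proxy` lets a client reset its bucket by forging `X-Forwarded-For`; v7 of the library warns about exactly this at startup. One 250-per-15-minute limit applied uniformly is also generous for the login handler mounted from `./routes/auth`; a second, much tighter limiter on that route's POST would do more against credential guessing than the global one. Minor style point: the new declarations use `var`; `const RateLimit = require('express-rate-limit');` and `const limiter = RateLimit({ ... });` match the modern convention the rest of the file appears to follow.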
@@ -1614,6 +1615,20 @@ "node": ">= 0.10.0" } }, + "node_modules/express-rate-limit": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.2.0.tgz", + "integrity": "sha512-T7nul1t4TNyfZMJ7pKRKkdeVJWa2CqB8NA1P8BwYaoDI5QSBZARv5oMS43J7b7I5P+4asjVXjb7ONuwDKucahg==", + "engines": { + "node": ">= 16" + }, + "funding": { + "url": "https://github.com/sponsors/express-rate-limit" + }, + "peerDependencies": { + "express": "4 || 5 || ^5.0.0-beta.1" + } + }, "node_modules/express-session": { "version": "1.18.0", "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.0.tgz", diff --git a/package.json b/package.json index 966fb62..b043312 100644 --- a/package.json +++ b/package.json @@ -16,6 +16,7 @@ "dotenv": "^16.4.5", "ejs": "^3.1.9", "express": "^4.18.3", + "express-rate-limit": "^7.2.0", "express-session": "^1.18.0", "lusca": "^1.7.0", "mssql": "^10.0.2", diff --git a/routes/bak.js b/routes/bak.js index e58dbf5..d6b5d0b 100644 --- a/routes/bak.js +++ b/routes/bak.js @@ -73,7 +73,8 @@ router.post('/submit', async (req, res) => { res.redirect('/dashboard'); } catch (error) { - res.status(500).send(error.message); + console.error(error.message); // Log the error on the server + res.status(500).send('An error occurred'); // Send a generic error message to the client } });
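Review bot: Logging only `error.message` in the new catch in routes/bak.js discards the stack trace and any extra properties the thrown error may carry (driver errors often attach codes), which is most of what you need to diagnose a 500 now that the client only sees generic text; `console.error('bak submit failed:', error);` keeps the full error server-side at no cost to the client-facing message. The `/submit` handler and its try body start before this hunk, so I cannot see what the request does before failing or whether input is validated there. The 404 handler added in app.js renders an error template, so rendering an error view here instead of `send('An error occurred')` would be consistent with it, if such a view exists.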