diff --git a/routes/upload.js b/routes/upload.js
index 62bb863..3eaa852 100644
--- a/routes/upload.js
+++ b/routes/upload.js
@@ -2,12 +2,25 @@ const express = require('express');
 const router = express.Router();
 const handler = require('express-async-handler');
 const content = require('../helpers/content');
+
+const memcache = require('memcached');
+const cache = new memcache(process.env.SESSION_MEMCACHE_HOST);
 const crypto = require('crypto');
-const { MAXFILES } = process.env;
+const { MAXFILES, APP_DEBUG, RATE_LIMIT } = process.env;
+
+let ratelimits = {};
 async function upload(req, res) {
+    if (!ratelimits[req.ip])
+        ratelimits[req.ip] = Date.now();
+
+    if (Date.now() - ratelimits[req.ip] < RATE_LIMIT) {
+        res.status(503).send('You are being rate limited.');
+        return;
+    }
+
     if (req.body['_csrf'] != req.session.csrf) {
         res.status(405).send('CSRF error');
         return;
@@ -18,13 +31,12 @@ async function upload(req, res) {
         return;
     }
-    if (req.body[req.session.captcha_input] != req.session.captcha) {
+    if ((req.body[req.session.captcha_input] != req.session.captcha) | APP_DEBUG) {
         res.status(405).send('Bad captcha');
         return;
     }
     req.session.captcha = crypto.randomBytes(8).toString('base64').substring(0,6);
-
     if (content.submitted() >= MAXFILES) {
         res.status(405).send('Not allowed');
@@ -42,6 +54,8 @@ async function upload(req, res) {
     res.redirect(
         '/view?id=' + encodeURIComponent(id)
     );
+
+    req.session.last_text = '';
 }
 
 router.post('/upload', handler(upload));
diff --git a/views/template/main.pug b/views/template/main.pug
index 8efb7ca..90597a3 100644
--- a/views/template/main.pug
+++ b/views/template/main.pug
@@ -7,6 +7,7 @@ html(lang='en_US')
     title blek! Bin#{title ? title : ''}
     link(rel='stylesheet' href='/static/main.css')
   body
+    script 0
     h1(align='center')
       a(href='/') blek! Bin
     p(align='center')
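Review bot: The rate limiter added at the top of `upload` rejects the very first request from each client and then never limits again: `ratelimits[req.ip]` is written only when the key is absent, so on that first call `Date.now() - ratelimits[req.ip]` is 0 and the 503 fires, while every later call compares against that stale first timestamp and passes once `RATE_LIMIT` ms have elapsed. The check should run before the timestamp is recorded and the timestamp should be refreshed on each accepted request, as in the excerpt below. `RATE_LIMIT` comes from `process.env` as a string and is `undefined` when unset, which makes the comparison evaluate to false and silently disables the limiter, so parse it once with an explicit fallback. Also note that `ratelimits` grows by one entry per distinct IP with no eviction, and `cache` is built from `SESSION_MEMCACHE_HOST` at load time but is not referenced anywhere in this diff.
```javascript
// Minimum gap between uploads from one IP, in ms; 0 (the fallback for an unset
// or non-numeric RATE_LIMIT) disables the limiter rather than failing silently.
const RATE_LIMIT_MS = Number.parseInt(RATE_LIMIT, 10) || 0;
let ratelimits = {};

async function upload(req, res) {
    const lastSeen = ratelimits[req.ip];
    if (lastSeen !== undefined && Date.now() - lastSeen < RATE_LIMIT_MS) {
        res.status(503).send('You are being rate limited.');
        return;
    }
    // Record the accepted request so the next one is measured from now, not
    // from the client's first-ever request.
    ratelimits[req.ip] = Date.now();
    // … unchanged: CSRF check and the rest of the handler …
```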
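Review bot: The rewritten captcha condition applies bitwise `|` to `APP_DEBUG`, a string from `process.env`, so its effect depends on how the variable is spelled rather than on whether it is set: with `APP_DEBUG=1` the expression is always truthy and every upload is rejected with 'Bad captcha', while `APP_DEBUG=true` or an unset variable coerces to 0 and leaves the check exactly as before. If the intent is to relax the captcha in a debug build, that is a deliberate weakening of an anti-abuse control and should be an explicit, fail-closed boolean, e.g. `const DEBUG = APP_DEBUG === 'true';` at module scope and `if (!DEBUG && req.body[req.session.captcha_input] != req.session.captcha) {`, with a comment stating that it must never be set in a production deployment. Independently, `req.body[...]` is untrusted and may arrive as an array or object depending on the body parser, so a strict `!==` comparison guarded by `typeof req.body[req.session.captcha_input] === 'string'` is safer than the loose `!=`. The enclosing function `upload` begins and ends outside this hunk.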
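Review bot: `req.session.last_text = ''` is assigned after `res.redirect(...)` has already ended the response; if the session middleware persists the session on response end (express-session's default behaviour), this write may never be saved, and if the goal is to clear previously submitted text from the session it should happen before the redirect, i.e. move `req.session.last_text = '';` above `res.redirect(`. This is inferred from the usual middleware behaviour, which is not visible in the hunk. The enclosing function `upload` begins outside this hunk.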
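Review bot: `script 0` renders an inline `<script>0</script>` into every page served from this layout; it has no functional effect, and an inline script block is exactly what a Content-Security-Policy without `'unsafe-inline'` would block, so leaving it in either breaks such a policy or pressures it to be weakened. If this is a placeholder for a future script, replace it with a pug comment (`//- script placeholder`) or load the code from a file under `/static/` so it can be allowed by a CSP source list. Whether a CSP header is set is not visible in this diff.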