diff --git a/lib/travis/api/attack.rb b/lib/travis/api/attack.rb
index d103739e..12c4adb8 100644
--- a/lib/travis/api/attack.rb
+++ b/lib/travis/api/attack.rb
@@ -35,6 +35,16 @@ class Rack::Attack
 end
 end
 
+ ####
+ # Ban based on: IP address or access token
+ # Ban time: 1 hour
+ # Ban after: 10 POST requests within 30 seconds
+ blacklist('spamming with POST requests') do |request|
+ Rack::Attack::Allow2Ban.filter(request.identifier, maxretry: 10, findtime: 30.seconds, bantime: 1.hour) do
+ request.post?
+ end
+ end
+
 ###
 # Throttle: unauthenticated requests - 50 per minute
 # Scoped by: IP address
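Review bot: Once this filter trips, `Allow2Ban.filter` returns true for every request from that `request.identifier`, not only POSTs, so ten POSTs in 30 seconds lock the client out of the whole API for an hour; the header comment should say so, e.g. `# Ban scope: all requests from the identifier, not only POST`. For unauthenticated traffic the comment says the identifier is the IP address, so one noisy client behind a shared NAT or CI egress address would ban everyone behind it, and whether an exemption exists elsewhere in the class is not visible in this hunk. The discriminator is also the bare identifier, so any other Allow2Ban filter keyed the same way would share its counter and ban state; a prefix such as `"post-spam:#{request.identifier}"` keeps them apart.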