Putting a timeout seems to be helping a lot because it's a sweeping fix. That combined with rate-limiting ws messages covers the basics. But I think I need to also punish slow queries similar to rate-limiting, so that if you spend too much query time over a period you get blocked for a short period.
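The query-time budget described above, as an added example that is not part of the original post: each client may spend at most `budget_s` seconds of query time per sliding `window_s`, and exceeding that earns a `block_s` block. The class, its method names and the default values are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class QueryTimeBudget:
    """Per-client cap on query seconds per sliding window (illustrative names and defaults)."""

    def __init__(self, budget_s=2.0, window_s=10.0, block_s=30.0, clock=time.monotonic):
        self.budget_s, self.window_s, self.block_s = budget_s, window_s, block_s
        self.clock = clock               # injectable so the logic can be tested
        self.spent = defaultdict(deque)  # client -> (finished_at, seconds) entries
        self.blocked_until = {}          # client -> time at which the block ends

    def allowed(self, client):
        """Check before running a query; False while the client is blocked."""
        until = self.blocked_until.get(client)
        if until is not None and self.clock() < until:
            return False
        self.blocked_until.pop(client, None)
        return True

    def charge(self, client, seconds):
        """Record a finished query (also one cut off by the timeout, at its elapsed
        time) and return the seconds this client has used in the current window."""
        now = self.clock()
        q = self.spent[client]
        q.append((now, seconds))
        while q and q[0][0] <= now - self.window_s:  # drop entries older than the window
            q.popleft()
        used = sum(s for _, s in q)
        if used > self.budget_s:
            self.blocked_until[client] = now + self.block_s
            del self.spent[client]                   # clean slate once the block expires
        return used

    def run(self, client, query_fn):
        """Time query_fn() and charge it; raises PermissionError while blocked."""
        if not self.allowed(client):
            raise PermissionError("query time budget exceeded, retry later")
        start = self.clock()
        try:
            return query_fn()
        finally:
            self.charge(client, self.clock() - start)
```

Key the budget on something that survives a reconnect (an account or source address rather than the connection object), otherwise opening a new WebSocket resets the spent time and any active block.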