Duniter already has an anti-DDoS internal service (limiter.js) which has a global scope (each URL has a quota), but we could also have a per-IP protection like the following:
https://github.com/rook2pawn/node-ddos