prevent malicious user

**Summary**
* Server needs to limit max size message sent from client using [`maxPayload`](https://github.com/websockets/ws/blob/master/doc/ws.md#new-websocketserveroptions-callback)
* need to limit the number of pending connections `backlog`
* need to limit the total connection count 

More on security:
*. [heroku websocket](https://devcenter.heroku.com/articles/websocket-security)