diff --git a/config/default.json b/config/default.json
index fa5f6cb..374d7f4 100644
--- a/config/default.json
+++ b/config/default.json
@@ -3,6 +3,7 @@
     "listeningPort": 1432,
     "sessionFileStorePath": "sessions",
     "sampleUploadPath": "samples",
+    "maxSampleSize": 10737418240, // In bytes, 10GB by default
     "sessionSecret": "cats",
     "logFile": "log/noisedash.log",
     "tls": false,
diff --git a/server/routes/samples.js b/server/routes/samples.js
index 06b0e44..f9d422a 100644
--- a/server/routes/samples.js
+++ b/server/routes/samples.js
@@ -1,6 +1,8 @@
 const express = require('express')
 const config = require('config')
 const multer = require('multer')
+const fs = require('fs')
+const path = require('path')
 const storage = multer.diskStorage({
   destination: config.get('Server.sampleUploadPath'),
   filename: (req, file, cb) => {
@@ -13,7 +15,10 @@ const storage = multer.diskStorage({
     }
   }
 })
-const upload = multer({ storage: storage })
+const upload = multer({
+  storage: storage,
+  limits: { fileSize: config.get('Server.maxSampleSize') }
+})
 const db = require('../db')
 const router = express.Router()
 const logger = require('../logger')
@@ -27,33 +32,44 @@ router.post('/samples', upload.single('sample'), (req, res, next) => {
     db.get('SELECT can_upload FROM users WHERE id = ?', [req.user.id], (err, row) => {
       if (err) {
         logger.error(err)
+        deleteSample(req.user.id + '_' + req.body.name)
         return res.sendStatus(500)
       }
 
       if (row.can_upload === 0) {
+        deleteSample(req.user.id + '_' + req.body.name)
         return res.sendStatus(401)
       }
-    })
 
-    db.run('INSERT INTO samples (name, user) VALUES (?, ?)', [
-      req.body.name,
-      req.user.id
-    ],
-    (err) => {
-      if (err) {
-        logger.error(err)
-        if (err.code === 'SQLITE_CONSTRAINT') {
-          return res.sendStatus(409)
+      db.run('INSERT INTO samples (name, user) VALUES (?, ?)', [
+        req.body.name,
+        req.user.id
+      ],
+      (err) => {
+        if (err) {
+          logger.error(err)
+          deleteSample(req.user.id + '_' + req.body.name)
+          if (err.code === 'SQLITE_CONSTRAINT') {
+            return res.sendStatus(409)
+          } else {
+            return res.sendStatus(500)
+          }
         } else {
-          return res.sendStatus(500)
+          return res.sendStatus(200)
         }
-      } else {
-        return res.sendStatus(200)
-      }
+      })
     })
   })
 })
 
+function deleteSample (fileName) {
+  fs.unlink(path.join(__dirname, '../../', config.get('Server.sampleUploadPath'), fileName), (err) => {
+    if (err) {
+      logger.error(err)
+    }
+  })
+}
+
 router.get('/samples', (req, res) => {
   if (!req.user) {
     return res.sendStatus(401)