diff --git a/cloudron.js b/cloudron.js
index a56b5b4..e7778f0 100644
--- a/cloudron.js
+++ b/cloudron.js
@@ -9,11 +9,13 @@ var assert = require('assert'),
     dns = require('dns'),
     ImapProbe = require('./imap-probe.js'),
     querystring = require('querystring'),
+    net = require('net'),
     nodemailer = require('nodemailer'),
     once = require('once'),
     request = require('superagent-sync'),
     smtpTransport = require('nodemailer-smtp-transport'),
     sleep = require('./shell.js').sleep,
+    superagent = require('superagent'),
     tcpBomb = require('./tcpbomb.js'),
     tls = require('tls'),
     url = require('url'),
@@ -782,17 +784,18 @@ Cloudron.prototype.checkTcpRateLimit = function (port, times, callback) {
     });
 };
 
-Cloudron.prototype.checkNginxRateLimit = function (times, callback) {
+Cloudron.prototype.checkNginxRateLimit = function (owner, times, callback) {
     var ok = 0;
+    var that = this;
 
     async.times(times, function (n, done) {
-        var client = new net.Socket();
- 
-        var res = request.post('https://' + this._box.ip + '/api/v1/developer/login').send({ username: owner.username, password: owner.password }).end();
+        superagent.post('https://' + that._adminFqdn + '/api/v1/developer/login').send({ username: owner.username, password: owner.password }).end(function (error, result) {
+            if (!error && result.statusCode === 200) ++ok;
 
-        if (res.statusCode === 200) ++ok;
+            done();
+        });
+    }, function () {
+        callback(ok == times ? new Error('All requests succeeded') : null);
     });
-
-    callback(ok == times ? new Error('All requests succeeded') : null);
 };
 
diff --git a/package.json b/package.json
index 60018c1..98a37a8 100644
--- a/package.json
+++ b/package.json
@@ -14,7 +14,7 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "async": "^1.4.0",
+    "async": "^2.2.0",
     "aws-sdk": "^2.2.23",
     "colors": "^1.1.0",
     "debug": "^2.2.0",
diff --git a/test/new-user-test.js b/test/new-user-test.js
index 83c0a67..76668aa 100644
--- a/test/new-user-test.js
+++ b/test/new-user-test.js
@@ -133,17 +133,19 @@ describe('Appstore new user flow', function () {
     });
 
     it('does TCP ratelimiting', function (done) {
+        this.timeout(12000);
+
         async.series([
             cloudron.checkTcpRateLimit.bind(cloudron, 202, 5), // ssh
             cloudron.checkTcpRateLimit.bind(cloudron, 25, 50), // mail
-            cloudron.checkTcpRateLimit.bind(cloudron, 587, 50), // msa
-            cloudron.checkTcpRateLimit.bind(cloudron, 993, 50), // imap
-            cloudron.checkTcpRateLimit.bind(cloudron, 4190, 50), // sieve
+            cloudron.checkTcpRateLimit.bind(cloudron, 587, 60), // msa
+            cloudron.checkTcpRateLimit.bind(cloudron, 993, 60), // imap
+            cloudron.checkTcpRateLimit.bind(cloudron, 4190, 60), // sieve
         ], done);
     });
 
     it('does nginx ratelimiting', function (done) {
-        cloudron.checkNginxRateLimit(10, done);
+        cloudron.checkNginxRateLimit(owner, 10, done);
     });
 
     it('can delete the cloudron', function () {