diff --git a/server.js b/server.js
index 7b1aa75..1eb650e 100644
--- a/server.js
+++ b/server.js
@@ -24,9 +24,74 @@ const cache = apicache.middleware;
 app.use(cache('15 minutes'));
+const bouncer = ['phpmyadmin',
+ 'phpMyadmin',
+ 'phpMyAdmin',
+ 'phpmyAdmin',
+ 'phpmyadmin2',
+ 'phpmyadmin3',
+ 'phpmyadmin4',
+ '2phpmyadmin',
+ 'phpmy',
+ 'phppma',
+ 'myadmin',
+ 'shopdb',
+ 'MyAdmin',
+ 'program',
+ 'PMA',
+ 'dbadmin',
+ 'pma',
+ 'db',
+ 'admin',
+ 'mysql',
+ 'database',
+ 'sqlmanager',
+ 'mysqlmanager',
+ 'php-myadmin',
+ 'phpmy-admin',
+ 'mysqladmin',
+ 'mysql-admin',
+ 'phpMyAdmin2',
+ 'phpMyAdmin3',
+ 'phpMyAdmin4',
+ 'phpMyAdmin-3',
+ 'php-my-admin',
+ 'PMA2011',
+ 'PMA2012',
+ 'PMA2013',
+ 'PMA2014',
+ 'PMA2015',
+ 'PMA2016',
+ 'PMA2017',
+ 'PMA2018',
+ 'pma2011',
+ 'pma2012',
+ 'pma2013',
+ 'pma2014',
+ 'pma2015',
+ 'pma2016',
+ 'pma2017',
+ 'pma2018',
+ 'phpmyadmin2011',
+ 'phpmyadmin2012',
+ 'phpmyadmin2013',
+ 'phpmyadmin2014',
+ 'phpmyadmin2015',
+ 'phpmyadmin2016',
+ 'phpmyadmin2017',
+ 'phpmyadmin2018',
+ 'phpmanager'];
+
 function getUrl (req, res) {
 const theUrl = req.params.encoded_id;
 logger.debug('Want', theUrl);
+ if (theUrl === undefined || bouncer.findIndex(theUrl) !== -1 || theUrl === '') {
+ logger.warn(`You're not getting in ${theUrl}`);
+ res.status(403);
+
+ return;
+ }
+
 const options = URL.parse(theUrl);
 options.followAllRedirects = true;
 options.headers = {
@@ -60,7 +125,6 @@ function getUrl (req, res) {
 https.request(rUrl, responseHandler).end();
 else
 http.request(rUrl, responseHandler).end();
-
 }
 let data = '';
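Review bot: `bouncer.findIndex(theUrl)` in the new guard passes a string where `Array.prototype.findIndex` expects a callback, so it throws a `TypeError` on every request whose `theUrl` is defined and the 403 branch is never reached; `bouncer.includes(theUrl)` is the membership test that was intended. The rejection branch also calls `res.status(403)` without ending the response, so a blocked request hangs until the client gives up — `res.sendStatus(403); return;` (or `res.status(403).end()`) closes it. Because the check is an exact match against the whole `encoded_id`, it only catches probes that hit the route with one of these literal names; validating that the parsed URL has an `http:`/`https:` protocol before the `http.request`/`https.request` calls would cover the broader class of unwanted fetches, and a `Set` would be the idiomatic structure for this lookup. getUrl's body continues outside the hunk.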