diff --git a/files/routes/admin.py b/files/routes/admin.py
index 66508b789..554fe4b4e 100644
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@@ -1042,12 +1042,14 @@ def ban_user(user_id, v):
 if 'reason' in request.values:
 if request.values["reason"].startswith("/post/"):
- post = int(request.values["reason"].split("/post/")[1].split(None, 1)[0])
+ try: post = int(request.values["reason"].split("/post/")[1].split(None, 1)[0])
+ except: abort(400)
 post = get_post(post)
 post.bannedfor = f'{duration} by @{v.username}'
 g.db.add(post)
 elif request.values["reason"].startswith("/comment/"):
- comment = int(request.values["reason"].split("/comment/")[1].split(None, 1)[0])
+ try: comment = int(request.values["reason"].split("/comment/")[1].split(None, 1)[0])
+ except: abort(400)
 comment = get_comment(comment)
 comment.bannedfor = f'{duration} by @{v.username}'
 g.db.add(comment)
diff --git a/files/routes/login.py b/files/routes/login.py
index b90f22337..3dd65a435 100644
--- a/files/routes/login.py
+++ b/files/routes/login.py
@@ -121,8 +121,11 @@ def login_post():
 elif request.values.get("2fa_token", "x"):
 now = int(time.time())
- if now - int(request.values.get("time")) > 600:
- return redirect('/login')
+ try:
+ if now - int(request.values.get("time")) > 600:
+ return redirect('/login')
+ except:
+ abort(400)
 formhash = request.values.get("hash")
 if not validate_hash(f"{account.id}+{request.values.get('time')}+2fachallenge", formhash):
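Review bot: The two added `except: abort(400)` clauses in ban_user are bare, so they also catch `KeyboardInterrupt`, `SystemExit` and any unexpected error raised while parsing the `reason` value, turning all of them into a 400 and hiding real bugs; the parse expression can only fail with `ValueError` from `int()` or `IndexError` from `[0]` on an empty split, so `except (ValueError, IndexError): abort(400)` is the precise guard for both the `/post/` and `/comment/` branches. The same bare `except:` appears in the login.py hunk below, where `int(request.values.get("time"))` raises `TypeError` when `time` is absent and `ValueError` when it is non-numeric, so `except (TypeError, ValueError):` is the matching narrow form there. Collapsing `try:` and `except:` onto single lines with their statements is also hard to read; the multi-line layout used in the login.py hunk is the conventional form. ban_user's body begins before and continues after this hunk.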