diff --git a/env.example b/env.example
index 96e0380..c9d48ef 100644
--- a/env.example
+++ b/env.example
@@ -3,3 +3,4 @@ DATABASE_FILE=${HOME}/.hitman.db
 LISTENING_ADDR=0.0.0.0
 LISTENING_PORT=5000
 HITMAN_ORIGIN=http://localhost:3000
+RUST_LOG=hitman=info
diff --git a/migrations/20240331234446_slugs.down.sql b/migrations/20240331234446_slugs.down.sql
new file mode 100644
index 0000000..57d10fc
--- /dev/null
+++ b/migrations/20240331234446_slugs.down.sql
@@ -0,0 +1 @@
+drop table if exists slugs;
diff --git a/migrations/20240331234446_slugs.up.sql b/migrations/20240331234446_slugs.up.sql
new file mode 100644
index 0000000..d4663cd
--- /dev/null
+++ b/migrations/20240331234446_slugs.up.sql
@@ -0,0 +1,7 @@
+create table if not exists slugs (
+ id integer primary key,
+ slug text not null unique,
+ created_at timestamp not null default CURRENT_TIMESTAMP
+);
+
+create index if not exists created_slugs_dex on slugs(created_at);
diff --git a/src/main.rs b/src/main.rs
index c37e8eb..1b7174a 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,4 +1,5 @@
 use std::{
+ collections::HashSet,
 env::VarError,
 ffi::OsString,
 io::Write,
@@ -78,6 +79,18 @@ async fn register_hit(
 ) -> String {
 let slug = &slug;
+ let slugs: HashSet = sqlx::query!("select slug from slugs")
+ .fetch_all(&db)
+ .await
+ .unwrap_or(Vec::new())
+ .iter()
+ .map(|r| r.slug.to_string())
+ .collect();
+ if !slugs.contains(slug) {
+ log::info!("rejecting invalid slug {slug}");
+ return "".to_string();
+ }
+
 let host = ip.to_string();
 let now = chrono::Utc::now();
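Review bot: The `slugs` table is created empty and nothing in this diff inserts a row, so once the migration runs the new check in `register_hit` will reject every hit until slugs are added by some other path. If provisioning is meant to happen out of band, the migration should say so, for example with a header comment such as `-- slugs is the allow-list consulted by register_hit; rows are inserted manually, not by the service`. If a seeding step exists elsewhere in the repository, a pointer to it in the same comment would do.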
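Review bot: The slug check added to register_hit reads the whole `slugs` table on every request and hides query failures, because `.unwrap_or(Vec::new())` turns a database error into an empty set and every hit is then dropped with a misleading "rejecting invalid slug" line. A single-row lookup with a bound parameter keeps the per-request cost constant, can use the index implied by `slug text not null unique`, and lets the error be logged on its own while still failing closed. The slug appears to be caller-supplied (where it comes from is outside the hunk) and is written to the log verbatim, so formatting it with `{slug:?}` would escape control characters and stop a crafted value from forging log lines. The `?` placeholder below assumes SQLite, as `DATABASE_FILE` suggests, and register_hit's body starts and ends outside the hunk.

```rust
    let slug = &slug;

    // Look up only the requested slug instead of loading the whole table.
    let known = match sqlx::query!("select slug from slugs where slug = ?", slug)
        .fetch_optional(&db)
        .await
    {
        Ok(row) => row.is_some(),
        Err(e) => {
            // Still fail closed, but keep the database failure visible.
            log::error!("slug lookup failed: {e}");
            false
        }
    };
    if !known {
        // {:?} escapes control characters in the request-derived value.
        log::info!("rejecting invalid slug {slug:?}");
        return "".to_string();
    }
    // … unchanged: host / now setup …
```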