diff --git a/daemon.py b/daemon.py
index 522703d8..048bdf49 100644
--- a/daemon.py
+++ b/daemon.py
@@ -164,6 +164,7 @@ from shares import getSharesFeedForPerson
 from shares import addShare
 from shares import removeShare
 from shares import expireShares
+from utils import containsInvalidChars
 from utils import isSystemAccount
 from utils import setConfigParam
 from utils import getConfigParam
@@ -11759,6 +11760,11 @@ class PubServer(BaseHTTPRequestHandler):
                 self.server.POSTbusy = False
                 return
 
+        if containsInvalidChars(messageBytes.decode("utf-8")):
+            self._400()
+            self.server.POSTbusy = False
+            return
+
         # convert the raw bytes to json
         messageJson = json.loads(messageBytes)
 
diff --git a/utils.py b/utils.py
index bc8f9f06..6ed6c1c6 100644
--- a/utils.py
+++ b/utils.py
@@ -273,6 +273,19 @@ def isEvil(domain: str) -> bool:
     return False
 
 
+def containsInvalidChars(jsonStr: str) -> bool:
+    """Does the given json string contain invalid characters?
+    e.g. dubious clacks/admin dogwhistles
+    """
+    invalidStrings = {
+        '卐', '卍', '࿕', '࿖', '࿗', '࿘'
+    }
+    for isInvalid in invalidStrings:
+        if isInvalid in jsonStr:
+            return True
+    return False
+
+
 def createPersonDir(nickname: str, domain: str, baseDir: str,
                     dirname: str) -> str:
     """Create a directory for a person