diff --git a/.gitignore b/.gitignore
index ab230176..f365e9cd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,4 @@ files/map.txt
 .sass-cache/*
 files/sslsites.zip
 .tm_properties
+black_box.rb
diff --git a/app.rb b/app.rb
index cabf725b..9d88ad2f 100644
--- a/app.rb
+++ b/app.rb
@@ -249,9 +249,19 @@ get '/?' do
     @sites_count = SimpleCache.get :sites_count
   end
 
+  @blackbox_question = BlackBox.generate
+  @question_first_number, @question_last_number = generate_question
+
   erb :index, layout: false
 end
 
+def generate_question
+  question_first_number = rand 5
+  question_last_number = rand 5
+  session[:question_answer] = (question_first_number + question_last_number).to_s
+  [question_first_number, question_last_number]
+end
+
 get '/plan/?' do
   @title = 'Supporter'
   erb :'plan/index'
@@ -487,6 +497,15 @@ get '/new' do
   erb :'new'
 end
 
+post '/create_validate_all' do
+  content_type :json
+  fields = params.select {|p| p.match /username|password|email|new_tags_string/}
+
+  site = Site.new fields
+  return [].to_json if site.valid?
+  site.errors.collect {|e| [e.first, e.last.first]}.to_json
+end
+
 post '/create_validate' do
   content_type :json
 
@@ -519,7 +538,20 @@ post '/create' do
     ip: request.ip
   )
 
-  if !@site.valid?
+  black_box_answered = BlackBox.valid? params[:blackbox_answer], request.ip
+  question_answered_correctly = params[:question_answer] == session[:question_answer]
+
+  if !question_answered_correctly
+    question_first_number, question_last_number = generate_question
+    return {
+      result: 'bad_answer',
+      question_first_number: question_first_number,
+      question_last_number: question_last_number
+    }.to_json
+  end
+
+  if !black_box_answered || !@site.valid? || Site.ip_create_limit?(request.ip)
+    flash[:error] = 'There was an unknown error, please try again.'
     return {result: 'error'}.to_json
   end
 
diff --git a/environment.rb b/environment.rb
index e5fb61d4..ea977c0d 100644
--- a/environment.rb
+++ b/environment.rb
@@ -126,4 +126,12 @@ if ENV['RACK_ENV'] != 'development'
   Sass::Plugin.options[:style] = :compressed
   Sass::Plugin.options[:never_update] = true
   Sass::Plugin.options[:full_exception] = false
+end
+
+unless ENV['RACK_ENV'] == 'test'
+  if File.exist?('./black_box.rb')
+    require './black_box.rb'
+  else
+    puts "WARNING: Black box was not loaded!"
+  end
 end
\ No newline at end of file
diff --git a/models/site.rb b/models/site.rb
index c97de7df..5137a3d7 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -95,6 +95,9 @@ class Site < Sequel::Model
   SUGGESTIONS_VIEWS_MIN = 500
   CHILD_SITES_MAX = 100
 
+  IP_CREATE_LIMIT = 50
+  TOTAL_IP_CREATE_LIMIT = 300
+
   PLAN_FEATURES[:catbus] = PLAN_FEATURES[:fatcat].merge(
     name: 'Cat Bus',
     space: Filesize.from('10GB').to_i,
@@ -206,6 +209,11 @@ class Site < Sequel::Model
       return nil if site.nil? || site.is_banned || site.owner.is_banned
       site
     end
+
+    def ip_create_limit?(ip)
+      Site.where('created_at > ?', Date.today.to_time).where(ip: ip).count > IP_CREATE_LIMIT ||
+      Site.where(ip: ip).count > TOTAL_IP_CREATE_LIMIT
+    end
   end
 
   def self.banned_ip?(ip)
@@ -643,7 +651,7 @@ class Site < Sequel::Model
     super
 
     if !self.class.valid_username?(values[:username])
-      errors.add :username, 'A valid user/site name is required.'
+      errors.add :username, 'Usernames can only contain letters, numbers, underscores and hyphens.'
     end
 
     if new? && !values[:username].nil? && !values[:username].empty?
@@ -850,12 +858,17 @@ class Site < Sequel::Model
   end
 
   def latest_events(current_page=1, limit=10)
-    events_dataset.order(:created_at.desc).paginate(current_page, limit)
+    site_id = self.id
+    Event.where{Sequel.|({site_id: site_id}, {actioning_site_id: site_id})}.
+    order(:created_at.desc).
+    paginate(current_page, limit)
   end
 
   def news_feed(current_page=1, limit=10)
     following_ids = self.followings_dataset.select(:site_id).all.collect {|f| f.site_id}
-    Event.filter(site_id: following_ids+[self.id]).
+    search_ids = following_ids+[self.id]
+
+    Event.where{Sequel.|({site_id: search_ids}, {actioning_site_id: search_ids})}.
     order(:created_at.desc).
     paginate(current_page, limit)
   end
diff --git a/views/_news.erb b/views/_news.erb
index 75acd7c5..81d06813 100644
--- a/views/_news.erb
+++ b/views/_news.erb
@@ -30,7 +30,7 @@
       started following
 
       <% if current_site && event_site.id == current_site.id %>
-        your site!
+        your site.
       <% else %>
         <a href="/site/<%= event_site.username %>" class="user" title="<%= event_site.title %>"><i class="fa fa-user"><% if event_site.supporter? && !event_site.ended_supporter? %><i class="fa fa-heart"></i><% end %></i><%= event_site.username %></a>
       <% end %>
@@ -60,7 +60,7 @@
             <% site_change_filenames.each do |f| %>
               <div class="file">
                 <div class="html-thumbnail <%= site_change_file_display_class f %>">
-                  <a href="//<%= event_site.host %>/<%= f %>">
+                  <a href="//<%= event_site.host %><%= f == 'index.html' ? '' : "/#{f}" %>">
                     <% if site_change_file_display_class(f) == 'html' %>
                       <img src="<%= event_site.screenshot_url(f, '210x158') %>">
                     <% elsif site_change_file_display_class(f) == 'image' %>
diff --git a/views/_news_profile_comment.erb b/views/_news_profile_comment.erb
index 69fc1028..7911b079 100644
--- a/views/_news_profile_comment.erb
+++ b/views/_news_profile_comment.erb
@@ -4,19 +4,17 @@
 <div class="title">
   <div class="icon" style="background-image:url(<%= actioning_site.screenshot_url('index.html', '100x100') %>);"></div>
 
-  <% if current_site && current_site.id == actioning_site.id && request.path == '/' %>
+  <% if current_site && current_site.id == actioning_site.id %>
     You
   <% else %>
     <i class="fa fa-user"><% if actioning_site.supporter? && !actioning_site.ended_supporter? %><i class="fa fa-heart"></i><% end %></i><a href="/site/<%= actioning_site.username %>" class="user"><%= actioning_site.username %></a>
   <% end %>
 
-  <% if request.path == '/' %>
     <% if current_site && current_site.id == profile_comment.site_id %>
       left a comment on <a href="/site/<%= current_site.username %>">your profile</a>:
     <% else %>
       left a comment on <i class="fa fa-user"><% if profile_comment.site.supporter? && !profile_comment.site.ended_supporter? %><i class="fa fa-heart"></i><% end %></i><a href="/site/<%= profile_comment.site.username %>" class="user"><%= profile_comment.site.username %></a><%= site.username[site.username.length-1] == 's' ? "’" : "'s" %> profile:
     <% end %>
-  <% end %>
   <span class="date">
     <a href="?event_id=<%= profile_comment.event.id %>"><%= profile_comment.created_at.ago %></a>
   </span>
diff --git a/views/index.erb b/views/index.erb
index 5af615db..2e1d04ae 100644
--- a/views/index.erb
+++ b/views/index.erb
@@ -85,8 +85,7 @@
                 <li>
                   <a href="/signout" class="sign-In">Signout</a>
                 </li>
-              <% end %>
-
+              <% end %>`
             </ul>
           </nav>
 
@@ -154,29 +153,37 @@
             </div>
         </div>
       <% else %>
-        <form id="createSiteForm" action="/new" method="POST" class="signup-Form" onsubmit="createSite(); return false">
+        <form id="createSiteForm" class="signup-Form" onsubmit="return false">
           <input type="hidden" name="csrf_token" value="<%= csrf_token %>">
+          <input type="hidden" name="blackbox_answer" value="">
           <fieldset class="content">
             <h2 class="gamma">Sign up for free</h2>
             <hr />
-            <label for="create-Input">Username</label>
-            <input type="text" class="input-Area" id="create-Input" name="username" placeholder="my-site-name" data-placement="left" data-trigger="manual" autocapitalize="off" autocorrect="off" autocomplete="off" />
-            <label for="create-Input" id="domain-name">.neocities.org</label>
+            <div class="siteCreateInputs">
+              <label for="create-Input">Username</label>
+              <input type="text" class="input-Area" id="create-Input" name="username" placeholder="my-site-name" data-placement="left" data-trigger="manual" autocapitalize="off" autocorrect="off" autocomplete="off" />
+              <label for="create-Input" id="domain-name">.neocities.org</label>
 
-            <label for="tags-input">Tags (your interests, site topics)</label>
-            <input type="text" class="input-Area" id="tags-input" name="new_tags_string" placeholder="art, videogames, food, music, programming, gardening, cats" data-placement="left" data-trigger="manual" autocapitalize="off" autocorrect="off" autocomplete="off" />
+              <label for="tags-input">Tags (your interests, site topics)</label>
+              <input type="text" class="input-Area" id="tags-input" name="new_tags_string" placeholder="art, videogames, food, music, programming, gardening, cats" data-placement="left" data-trigger="manual" autocapitalize="off" autocorrect="off" autocomplete="off" />
 
-            <div class="col col-50" style="padding-left:0;">
-            <label for="password-input">Password</label>
-            <input type="password" class="input-Area" id="password-input" name="password" placeholder="password" data-placement="left" data-trigger="manual" autocapitalize="off" autocorrect="off" autocomplete="off" />
+              <div class="col col-50" style="padding-left:0;">
+              <label for="password-input">Password</label>
+              <input type="password" class="input-Area" id="password-input" name="password" placeholder="password" data-placement="left" data-trigger="manual" autocapitalize="off" autocorrect="off" autocomplete="off" />
+              </div>
+
+              <div class="col col-50">
+              <label for="email-input">Email</label>
+              <input type="text" class="input-Area" id="email-input" name="email" placeholder="me@example.com" data-placement="left" data-trigger="manual" autocapitalize="off" autocorrect="off" autocomplete="off" />
+              </div>
+
+              <div class="col col-25">
+              <label for="question_answer-input"><%= @question_first_number %> + <%= @question_last_number %> =</label>
+              <input type="text" class="input-Area" name="question_answer" placeholder="" data-placement="left" data-trigger="manual" autocapitalize="off" autocorrect="off" autocomplete="off" maxlength="2" style="width: 50px" />
+              </div>
+
+              <input type="submit" value="Create My Site" class="btn-Action float-Right" />
             </div>
-
-            <div class="col col-50">
-            <label for="email-input">Email</label>
-            <input type="text" class="input-Area" id="email-input" name="email" placeholder="me@example.com" data-placement="left" data-trigger="manual" autocapitalize="off" autocorrect="off" autocomplete="off" />
-            </div>
-
-            <input type="submit" value="Create My Site" class="btn-Action float-Right" />
           </fieldset>
         </form>
 
@@ -337,14 +344,38 @@
     <script src="/js/app.min.js"></script>
     <script src="/js/bootstrap.min.js"></script>
     <script>
-      function createSite() {
-        $.post('/create', $('#createSiteForm').serialize(), function(res) {
-          if(res.result == 'ok')
-            location.reload()
-        })
-      }
 
-      $('input[type=text]').on('change focusout', function(obj) {
+      $('#createSiteForm').on('submit', function(obj) {
+        $("input[name=blackbox_answer]").val("<%= @blackbox_question %>")
+        $.post('/create_validate_all', $(obj.target).serialize(), function(errors) {
+          console.log(errors)
+          if(errors.length == 0) {
+            $.post('/create', $('#createSiteForm').serialize(), function(res) {
+              if(res.result == 'ok')
+                location.reload()
+              else if(res.result == 'bad_answer') {
+                $('label[for=question_answer-input]').text(res.question_first_number+' + '+res.question_last_number+' = ')
+                var input = $('input[name=question_answer]')
+                input.attr('data-original-title', 'Please answer the question correctly.')
+                input.tooltip('show')
+              } else {
+                location.reload()
+              }
+            })
+          }
+
+          for(var i=0; i<errors.length;i++) {
+            var ele = $('input[name='+errors[i][0]+']')
+            ele.attr('data-original-title', errors[i][1])
+            ele.tooltip('show')
+          }
+        })
+      })
+
+      $('input[type=text],input[type=password]').on('change focusout', function(obj) {
+        if(obj.target.name == 'question_answer')
+          return
+
         $.post('/create_validate', {field: obj.target.name, value: obj.target.value, csrf_token: '<%= csrf_token %>'}, function(res) {
           if(res.result == 'ok') {
             return $(obj.target).tooltip('hide')