diff --git a/app/models/user.rb b/app/models/user.rb
index e56d6d94c..4eafe2acb 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -21,6 +21,7 @@ class User < ActiveRecord::Base
   attr_accessible :level, :as => :admin
   validates_length_of :name, :within => 2..100, :on => :create
   validates_format_of :name, :with => /\A[^\s:]+\Z/, :on => :create, :message => "cannot have whitespace or colons"
+  validates_format_of :name, :with => /\A[^_].*[^_]\Z/, :on => :create, :message => "cannot begin or end with an underscore"
   validates_uniqueness_of :name, :case_sensitive => false
   validates_uniqueness_of :email, :case_sensitive => false, :if => lambda {|rec| rec.email.present?}
   validates_length_of :password, :minimum => 5, :if => lambda {|rec| rec.new_record? || rec.password.present?}
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 914cfa8bc..6add8f2e3 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -154,6 +154,24 @@ class UserTest < ActiveSupport::TestCase
         assert_equal(Danbooru.config.default_guest_name, User.id_to_name(-1))
       end
 
+      should "not contain a colon" do
+        user = FactoryGirl.build(:user, :name => "a:b")
+        user.save
+        assert_equal(["Name cannot have whitespace or colons"], user.errors.full_messages)
+      end
+
+      should "not begin with an underscore" do
+        user = FactoryGirl.build(:user, :name => "_x")
+        user.save
+        assert_equal(["Name cannot begin or end with an underscore"], user.errors.full_messages)
+      end
+
+      should "not end with an underscore" do
+        user = FactoryGirl.build(:user, :name => "x_")
+        user.save
+        assert_equal(["Name cannot begin or end with an underscore"], user.errors.full_messages)
+      end
+
       should "be fetched given a user id" do
         @user = FactoryGirl.create(:user)
         assert_equal(@user.name, User.id_to_name(@user.id))