diff --git a/app/logical/user_name_validator.rb b/app/logical/user_name_validator.rb
index 99ecce9dc..5bf6ee4c3 100644
--- a/app/logical/user_name_validator.rb
+++ b/app/logical/user_name_validator.rb
@@ -24,6 +24,8 @@ class UserNameValidator < ActiveModel::EachValidator
 rec.errors.add(attr, "can't start with '#{name.first}'")
 elsif name =~ /[[:punct:]]\z/
 rec.errors.add(attr, "can't end with '#{name.last}'")
+ elsif name =~ /\.(html|json|xml|atom|rss|txt|js|css|csv|png|jpg|jpeg|gif|png|mp4|webm|zip|pdf|exe|sitemap)\z/i
+ rec.errors.add(attr, "can't end with a file extension")
 elsif name =~ /__/
 rec.errors.add(attr, "can't contain multiple underscores in a row")
 elsif forbidden_characters.present?
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 3bcbf157c..6fe459727 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -189,6 +189,12 @@ class UserTest < ActiveSupport::TestCase
 assert_equal(["Name must contain only basic letters or numbers"], user.errors.full_messages)
 end

+ should "not allow names ending in file extensions" do
+ user = build(:user, name: "evazion.json")
+ user.save
+ assert_equal(["Name can't end with a file extension"], user.errors.full_messages)
+ end
+
 should "not be in the same format as a deleted user" do
 user = build(:user, name: "user_1234")
 user.save
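Review bot: In the `user_name_validator.rb` hunk the new alternation lists `png` twice (`png|jpg|jpeg|gif|png`). This does not affect matching, but it suggests a different extension was meant for one of the slots, so the list is worth checking against the formats the application actually serves. Because this is a fixed denylist, a response format added later will not be rejected unless this regex is edited too. I would move the list into a named frozen constant with a comment saying why extension-like names are refused, presumably because user names appear in URL paths where a trailing `.json` or `.xml` can be read as a format suffix (to be confirmed). The enclosing validation method begins and ends outside this hunk.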
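Review bot: The new test in `test/unit/user_test.rb` checks a single lowercase name, so the `/i` flag and the `\z` anchor on the validator regex are not covered. A later edit that drops the case-insensitivity would still pass. I would add a second case in the same `should` block, for example `user = build(:user, name: "evazion.JSON")`, with the same expected message. A name that contains a listed extension but does not end with it would check the anchor, provided such a name is otherwise valid under the rules not shown here.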