diff --git a/install.sql b/install.sql
index da1a276b..0e279283 100644
--- a/install.sql
+++ b/install.sql
@@ -357,6 +357,21 @@ CREATE TABLE `dnsbl_bypass` (
   PRIMARY KEY (`ip`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `filters`
+--
+
+CREATE TABLE `filters` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `type` varchar(255) DEFAULT NULL,
+  `reason` text,
+  `value` varchar(255) DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `data` (`type`,`value`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
 /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
diff --git a/post.php b/post.php
index 140d1f6e..f1e75b33 100644
--- a/post.php
+++ b/post.php
@@ -640,6 +640,16 @@ elseif (isset($_POST['post'])) {
 			} else {
 				$hash = md5_file($upload);
 			}
+
+			// filter files by MD5
+			$query = prepare('SELECT * FROM ``filters`` WHERE `type` = "md5" and `value` = :value');
+			$query->bindValue(':value', $hash);
+			$result = $query->execute() or error(db_error());
+			if ($row = $query->fetch()) {
+				$reason = utf8tohtml($row['reason']);
+				error("Sorry, cannot upload. Matched MD5 of disallowed file. Reason: {$reason}");
+			}
+
 			$file['hash'] = $hash;
 			$allhashes .= $hash;
 		}