diff --git a/app/controllers/bans_controller.rb b/app/controllers/bans_controller.rb
index c94dd0d..0553b8e 100644
--- a/app/controllers/bans_controller.rb
+++ b/app/controllers/bans_controller.rb
@@ -18,7 +18,7 @@ class BansController < ApplicationController
 end
 def create
- @ban = Ban.new(params[:ban])
+ @ban = Ban.new(ban_create_params)
 raise AccessError unless @ban.can_create? cuser
 @ban.creator = cuser
@@ -32,7 +32,7 @@ class BansController < ApplicationController
 def update
 raise AccessError unless @ban.can_update? cuser
- if @ban.update_attributes(params[:ban])
+ if @ban.update_attributes(ban_update_params)
 flash[:notice] = t(:bans_update)
 redirect_to(@ban)
 else
@@ -51,4 +51,12 @@ class BansController < ApplicationController
 def get_ban
 @ban = Ban.find(params[:id])
 end
+
+ def ban_create_params
+ params.require(:ban).pemit(:steamid, :addr, :reason, :len, :user_name, :creator, :ban_type, :ip, :server, :len, :expiry)
+ end
+
+ def ban_update_params
+ params.require(:ban).permit(:steamid, :addr, :reason, :len, :user_name, :ban_type, :ip, :server, :len, :expiry)
+ end
 end
diff --git a/app/models/ban.rb b/app/models/ban.rb
index 5911abd..3505fe1 100755
--- a/app/models/ban.rb
+++ b/app/models/ban.rb
@@ -26,7 +26,6 @@ class Ban < ActiveRecord::Base
 TYPE_GATHER = 5
 VENT_BANS = "tmp/bans.txt"
- attr_protected :id, :created_at, :updated_at
 attr_accessor :len, :user_name
 scope :ordered, order: "created_at DESC"
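Review bot: In `create`, `@ban.can_create? cuser` runs on a record built from request attributes, and `ban_create_params` (last hunk of this file) permits `:creator`, so a client-supplied creator is on the record when the authorization check runs and is only overwritten afterwards by `@ban.creator = cuser`. Whether `can_create?` actually reads `creator` is not visible here, but nothing on this path needs that key from the request. I would drop `:creator` from the permit list, which also makes the create list identical to `ban_update_params`. The body of `create` continues outside the hunk.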
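Review bot: `ban_create_params` calls `pemit` instead of `permit`, so every `create` request will raise `NoMethodError` before a ban is built; the call should be `params.require(:ban).permit(...)`. `:len` is also listed twice in both permit lists. The two helpers are appended after `get_ban`; if no `private` marker precedes them (it would be outside the hunk), they are public controller methods that a route could reach as actions, and they belong under `private`.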