diff --git a/code/modules/shuttle/shuttle.dm b/code/modules/shuttle/shuttle.dm
index 2a794de2ff8..bf07626ffc2 100644
--- a/code/modules/shuttle/shuttle.dm
+++ b/code/modules/shuttle/shuttle.dm
@@ -683,7 +683,13 @@
to_chat(usr, "Access denied.")
return
+ var/list/options = params2list(possible_destinations)
if(href_list["move"])
+ if(!options.Find(href_list["move"])) //I see you're trying Href exploits, I see you're failing, I SEE ADMIN WARNING.
+ // Seriously, though, NEVER trust a Topic with something like this. Ever.
+ message_admins("move HREF ([src] attempted to move to: [href_list["move"]]) exploit attempted by [key_name_admin(usr)] on [src] (JMP)")
+ to_chat(usr, "Expect a ban. Soon.")
+ return
switch(shuttle_master.moveShuttle(shuttleId, href_list["move"], 1))
if(0)
to_chat(usr, "Shuttle received message and will be sent shortly.")