diff --git a/admin.go b/admin.go
index b06c88d..a5558ef 100644
--- a/admin.go
+++ b/admin.go
@@ -15,7 +15,7 @@ type settingsData struct {
 func settingsHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 if sess.User == "" {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
 if r.Method == "POST" {
@@ -40,7 +40,7 @@ func settingsHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 func deleteHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 if sess.User == "" {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
@@ -48,7 +48,7 @@ func deleteHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 var isNew bool
 ids := strings.Split(mux.Vars(r)["ids"], "/")
 for _, idStr := range ids {
- if idStr == "" {
+ if !bson.IsObjectIdHex(idStr) {
 continue
 }
@@ -79,14 +79,15 @@ func deleteHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 }
 func editHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
- if sess.User == "" {
- http.NotFound(w, r)
+ idStr := mux.Vars(r)["id"]
+ if sess.User == "" || !bson.IsObjectIdHex(idStr) {
+ notFound(w)
 return
 }
- id := bson.ObjectIdHex(mux.Vars(r)["id"])
+ id := bson.ObjectIdHex(idStr)
 books, _, err := db.GetBooks(bson.M{"_id": id})
 if err != nil {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
@@ -107,12 +108,12 @@ func cleanEmptyStr(s []string) []string {
 }
 func saveHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
- if sess.User == "" {
- http.NotFound(w, r)
+ idStr := mux.Vars(r)["id"]
+ if sess.User == "" || !bson.IsObjectIdHex(idStr) {
+ notFound(w)
 return
 }
- idStr := mux.Vars(r)["id"]
 id := bson.ObjectIdHex(idStr)
 title := r.FormValue("title")
 publisher := r.FormValue("publisher")
@@ -131,7 +132,7 @@ func saveHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 book["keywords"] = keywords(book)
 err := db.UpdateBook(id, book)
 if err != nil {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
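Review bot: The status code of every rewritten error path, starting with settingsHandler here and repeated in the other admin.go, cover.go and reader.go hunks, now depends on `notFound`, whose definition is not in the visible hunks. `http.NotFound` sent the 404 status itself; a helper that renders the new `404.html` template has to call `w.WriteHeader(http.StatusNotFound)` before writing the body, otherwise these paths (including the ones that hide admin pages from anonymous sessions) answer 200 with an error page. Since the helper no longer receives the request, it is also worth checking what data it passes to `header.html`. A doc comment on the helper such as `// notFound writes a 404 status and renders 404.html.` would make the contract explicit.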
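Review bot: In editHandler the lookup result is still guarded only by `if err != nil`, so a well-formed ObjectId that matches no book passes the new `bson.IsObjectIdHex` check and carries on with an empty `books`. coverHandler, openReadEpub and contentHandler in this same patch all test `err != nil || len(books) == 0`; if the code after this hunk indexes `books[0]` (not visible here), such a request would panic. Suggest `if err != nil || len(books) == 0 {` to match the other handlers. editHandler's body continues outside the hunk.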
@@ -160,7 +161,7 @@ type newData struct {
 func newHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 if sess.User == "" {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
@@ -203,14 +204,14 @@ func newHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 func storeHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 if sess.User == "" {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
 var titles []string
 ids := strings.Split(mux.Vars(r)["ids"], "/")
 for _, idStr := range ids {
- if idStr == "" {
+ if !bson.IsObjectIdHex(idStr) {
 continue
 }
diff --git a/cover.go b/cover.go
index 876f7a8..dba08f3 100644
--- a/cover.go
+++ b/cover.go
@@ -23,10 +23,14 @@ import (
 func coverHandler(w http.ResponseWriter, r *http.Request) {
 vars := mux.Vars(r)
+ if !bson.IsObjectIdHex(vars["id"]) {
+ notFound(w)
+ return
+ }
 id := bson.ObjectIdHex(vars["id"])
 books, _, err := db.GetBooks(bson.M{"_id": id})
 if err != nil || len(books) == 0 {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
 book := books[0]
@@ -34,7 +38,7 @@ func coverHandler(w http.ResponseWriter, r *http.Request) {
 if !book.Active {
 sess := GetSession(r)
 if sess.User == "" {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
 }
@@ -48,7 +52,7 @@ func coverHandler(w http.ResponseWriter, r *http.Request) {
 }
 if err != nil {
 log.Println("Error while opening image:", err)
- http.NotFound(w, r)
+ notFound(w)
 return
 }
 defer f.Close()
diff --git a/reader.go b/reader.go
index ed035e5..da5e89c 100644
--- a/reader.go
+++ b/reader.go
@@ -75,7 +75,9 @@ func getNextPrev(e *epubgo.Epub, file string, id string, base string) (string, s
 return "", ""
 }
- prev = genLink(id, base, prev)
+ if prev != "" {
+ prev = genLink(id, base, prev)
+ }
 if spine.Next() == nil {
 next = genLink(id, base, spine.Url())
 }
@@ -131,14 +133,14 @@ func readStartHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 id := mux.Vars(r)["id"]
 e, _ := openReadEpub(w, r, sess)
 if e == nil {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
 defer e.Close()
 it, err := e.Spine()
 if err != nil {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
 http.Redirect(w, r, "/read/"+id+"/"+it.Url(), http.StatusTemporaryRedirect)
@@ -149,7 +151,7 @@ func readHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 file := mux.Vars(r)["file"]
 e, book := openReadEpub(w, r, sess)
 if e == nil {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
 defer e.Close()
@@ -172,6 +174,9 @@ func readHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 func openReadEpub(w http.ResponseWriter, r *http.Request, sess *Session) (*epubgo.Epub, Book) {
 var book Book
 id := mux.Vars(r)["id"]
+ if !bson.IsObjectIdHex(id) {
+ return nil, book
+ }
 books, _, err := db.GetBooks(bson.M{"_id": bson.ObjectIdHex(id)})
 if err != nil || len(books) == 0 {
 return nil, book
@@ -194,33 +199,33 @@ func contentHandler(w http.ResponseWriter, r *http.Request, sess *Session) {
 vars := mux.Vars(r)
 id := vars["id"]
 file := vars["file"]
- if file == "" {
- http.NotFound(w, r)
+ if file == "" || !bson.IsObjectIdHex(id) {
+ notFound(w)
 return
 }
 books, _, err := db.GetBooks(bson.M{"_id": bson.ObjectIdHex(id)})
 if err != nil || len(books) == 0 {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
 book := books[0]
 if !book.Active {
 if sess.User == "" {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
 }
 e, err := OpenBook(book.File)
 if err != nil {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
 defer e.Close()
 html, err := e.OpenFile(file)
 if err != nil {
- http.NotFound(w, r)
+ notFound(w)
 return
 }
 defer html.Close()
diff --git a/stats.go b/stats.go
index b80e4cc..3dcd3ea 100644
--- a/stats.go
+++ b/stats.go
@@ -72,18 +72,21 @@ func appendMuxVars(vars map[string]string, stats map[string]interface{}) {
 for key, value := range vars {
 switch {
 case key == "id":
- stats["id"] = bson.ObjectIdHex(value)
+ if bson.IsObjectIdHex(value) {
+ stats["id"] = bson.ObjectIdHex(value)
+ }
 case key == "ids":
 var objectIds []bson.ObjectId
 ids := strings.Split(value, "/")
 for _, id := range ids {
- if id == "" {
- continue
+ if bson.IsObjectIdHex(value) {
+ objectIds = append(objectIds, bson.ObjectIdHex(id))
 }
- objectIds = append(objectIds, bson.ObjectIdHex(id))
 }
- stats["ids"] = objectIds
- stats["id"] = objectIds[0]
+ if len(objectIds) > 0 {
+ stats["ids"] = objectIds
+ stats["id"] = objectIds[0]
+ }
 default:
 stats[key] = value
 }
diff --git a/template.go b/template.go
index e1657fb..7b8c3b8 100644
--- a/template.go
+++ b/template.go
@@ -25,6 +25,7 @@ func GetStatus(w http.ResponseWriter, r *http.Request) Status {
 var templates = template.Must(template.ParseFiles(TEMPLATE_PATH+"header.html",
 TEMPLATE_PATH+"footer.html",
+ TEMPLATE_PATH+"404.html",
 TEMPLATE_PATH+"index.html",
 TEMPLATE_PATH+"about.html",
 TEMPLATE_PATH+"book.html",
diff --git a/templates/404.html b/templates/404.html
new file mode 100644
index 0000000..c5555cd
--- /dev/null
+++ b/templates/404.html
@@ -0,0 +1,12 @@
+{{template "header.html" .}}
+
+
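Review bot: In the `ids` branch of appendMuxVars the new guard tests `value` (the whole slash-separated string) instead of the loop variable `id`. Any request that carries more than one id, or a trailing `/`, therefore fails the check for every element, and `stats["ids"]` and `stats["id"]` are never recorded. The check should read `if bson.IsObjectIdHex(id) {`. As written it cannot reach `bson.ObjectIdHex` with a bad string, because `value` only validates when it is a single id, but the statistics for multi-id requests are silently lost. The function body continues outside the hunk.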
+ The requested page don't exist. +
+