diff --git a/runbot/controllers/frontend.py b/runbot/controllers/frontend.py
index 4f3ef3fe..16c46919 100644
--- a/runbot/controllers/frontend.py
+++ b/runbot/controllers/frontend.py
@@ -280,6 +280,10 @@ class Runbot(Controller):
 
         if from_batch:
             from_batch = request.env['runbot.batch'].browse(int(from_batch))
+            if build_id not in from_batch.with_context(active_test=False).slot_ids.build_id.ids:
+                # the url may have been forged replacing the build id, redirect to hide the batch
+                return werkzeug.utils.redirect('/runbot/build/%s' % build_id)
+
             from_batch = from_batch.with_context(batch=from_batch)
         Build = request.env['runbot.build'].with_context(batch=from_batch)
 
diff --git a/runbot/models/batch.py b/runbot/models/batch.py
index a0920485..b1d9a8bc 100644
--- a/runbot/models/batch.py
+++ b/runbot/models/batch.py
@@ -455,5 +455,6 @@ class BatchSlot(models.Model):
         self.ensure_one()
         if self.build_id:
             return self.build_id
+        self.batch_id._log(f'Trigger {self.trigger_id.name} was started by {self.env.user.name}')
         self.link_type, self.build_id = self.batch_id._create_build(self.params_id)
         return self.build_id