diff --git a/config/default.json b/config/default.json
index 8d0ff7de..65818148 100644
--- a/config/default.json
+++ b/config/default.json
@@ -8,7 +8,8 @@
 },
 "db": {
 "dialect": "sqlite",
- "storage": "./db.sqlite"
+ "storage": "./db.sqlite",
+ "logging": false
 },
 "upload_path": "./",
 "smtp": {
diff --git a/server/federation/helpers.js b/server/federation/helpers.js
index c9c1b7b7..2218acdc 100644
--- a/server/federation/helpers.js
+++ b/server/federation/helpers.js
@@ -69,10 +69,12 @@ const Helpers = {
 async getActor(url, force=false) {
 // try with cache first if not forced
 if (!force && actorCache[url]) return actorCache[url]
- debug('getActor %s', url)
 const user = await fetch(url, { headers: {'Accept': 'application/jrd+json, application/json'} })
 .then(res => res.json())
- .catch(debug)
+ .catch(e => {
+ debug(e)
+ return false
+ })
 actorCache[url] = user
 return user
 },
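Review bot: In `getActor`, the result is written to `actorCache[url]` whatever it is, so a failed fetch stores `false` and any response that parses as JSON but is not an actor document (an error body, for example) is cached and later dereferenced as `user.publicKey.publicKeyPem`. I would cache only a usable actor, `if (user && user.publicKey) actorCache[url] = user`, and reject non-2xx responses before calling `res.json()`. Since `url` is `req.body.actor` from a request that has not been authenticated yet (see `verifySignature` in the next hunk), it is also worth restricting it to `https:` URLs, giving the fetch a timeout, and bounding the cache, because its keys are chosen by the sender.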
@@ -80,21 +82,23 @@ const Helpers = { // ref: https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/ async verifySignature(req, res, next) { let user = await Helpers.getActor(req.body.actor) + if (!user) res.send('Actor not found', 401) - console.error(req.headers) // little hack -> https://github.com/joyent/node-http-signature/pull/83 req.headers.authorization = 'Signature ' + req.headers.signature + + // another little hack :/ + // https://github.com/joyent/node-http-signature/issues/87 + req.url = '/federation' + req.url const parsed = httpSignature.parseRequest(req) - let ret = httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem) + if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) return next() // signature not valid, try without cache user = await Helpers.getActor(req.body.actor, true) if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) return next() - // ehm, TOFIX!! - return next() // still not valid - // res.send('Request signature could not be verified', 401) + res.send('Request signature could not be verified', 401) } }
diff --git a/server/federation/index.js b/server/federation/index.js
index e86bbb0a..f80ad58d 100644
--- a/server/federation/index.js
+++ b/server/federation/index.js
@@ -32,9 +32,6 @@ router.get('/m/:event_id', async (req, res) => {
 router.post('/u/:name/inbox', Helpers.verifySignature, async (req, res) => {
 const b = req.body
- console.error('> INBOX ', b.type, b)
- const targetOrigin = new URL(b.actor).origin
- const domain = new URL(config.baseurl).host
 switch(b.type) {
 case 'Follow':
@@ -43,7 +40,7 @@ router.post('/u/:name/inbox', Helpers.verifySignature, async (req, res) => {
 case 'Undo':
 // unfollow || unlike
 if (b.object.type === 'Follow') {
- Follows.unfollow(req, res, b, targetOrigin, domain)
+ Follows.unfollow(req, res)
 } else if (b.object.type === 'Like') {
 Ego.unbookmark(req, res)
 } else if (b.object.type === 'Announce') {
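Review bot: In `verifySignature` (server/federation/helpers.js), the new `if (!user) res.send('Actor not found', 401)` has no `return`, so after the 401 is sent the function carries on and `user.publicKey.publicKeyPem` throws on `false`; the same dereference after the forced `getActor(..., true)` is unguarded as well. `httpSignature.parseRequest(req)` throws on a missing or malformed signature header and nothing here catches it, so in an async middleware the request would be left without a response. `res.send(body, status)` is the deprecated Express form; `res.status(401).send(...)` is the current one. Nothing visible in this hunk compares the signature's `keyId` with the fetched actor's key or checks a `Digest` header against the body, so it may be that only the headers are authenticated, which is worth confirming.

```javascript
async verifySignature(req, res, next) {
  let user = await Helpers.getActor(req.body.actor)
  if (!user || !user.publicKey) return res.status(401).send('Actor not found')
  // … unchanged: authorization header and req.url adjustments …
  let parsed
  try {
    parsed = httpSignature.parseRequest(req)
  } catch (e) {
    debug(e)
    return res.status(401).send('Request signature could not be verified')
  }
  if (httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) return next()
  // signature not valid, try without cache
  user = await Helpers.getActor(req.body.actor, true)
  if (user && user.publicKey &&
      httpSignature.verifySignature(parsed, user.publicKey.publicKeyPem)) return next()
  return res.status(401).send('Request signature could not be verified')
```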
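Review bot: In the `Undo` case of the inbox handler (server/federation/index.js, second hunk), `b.object.type` is read without checking that `b.object` is present and is an object; a body with no `object` makes this throw inside the async handler, and a bare IRI string matches none of the branches shown. A guard before the `if` chain, such as `if (!b.object || typeof b.object !== 'object') return res.sendStatus(400)`, would cover both. The handler starts before this hunk and continues past it, so a later fallback branch may already exist.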