diff --git a/frontend/website.py b/frontend/website.py
index b3bef9b..a58d4f2 100644
--- a/frontend/website.py
+++ b/frontend/website.py
@@ -137,6 +137,41 @@ def manage_bot():
     else:
         bottle.abort(401, "Sorry, access denied.")
 
+@app.route('/settings/goodlist', method="POST")
+def update_goodlist():
+    """
+    Writes the goodlist textarea on /settings to the database.
+    This function expects a multi-line string, transmitted over the textarea form.
+    :return: redirect to settings page
+    """
+    # get new goodlist
+    words = bottle.request.forms.get("goodlist")
+    # get user.id
+    email = bottle.cookie_decode("account", secret)
+    db.cur.execute("SELECT id FROM user WHERE email = ?", (email, ))
+    user_id = db.cur.fetchone()
+    # write new goodlist to db
+    db.cur.execute("UPDATE trigger_good SET ? WHERE user.id = ?", (words, user_id, ))
+    return bottle.redirect("/settings")
+
+
+@app.route('/settings/blacklist', method="POST")
+def update_blacklist():
+    """
+    Writes the blacklist textarea on /settings to the database.
+    This function expects a multi-line string, transmitted over the textarea form.
+    :return: redirect to settings page
+    """
+    # get new blacklist
+    words = bottle.request.forms.get("blacklist")
+    # get user.id
+    email = bottle.cookie_decode("account", secret)
+    db.cur.execute("SELECT id FROM user WHERE email = ?", (email, ))
+    user_id = db.cur.fetchone()
+    # write new goodlist to db
+    db.cur.execute("UPDATE trigger_bad SET ? WHERE user.id = ?", (words, user_id, ))
+    return bottle.redirect("/settings")
+
 
 @app.route('/enable', method="POST")
 def enable():
diff --git a/static/bot.html b/static/bot.html
index 59f4a48..613ca52 100644
--- a/static/bot.html
+++ b/static/bot.html
@@ -22,54 +22,76 @@
             Log in with Twitter
         </a>
 
-<section>
-    <h2>Log in with Mastodon</h2>
-    <form action="/login/mastodon" method='post'>
-        <label>Mastodon instance:
-            <input type='text' name='instance_url' list='instances' placeholder='social.example.net'/>
-        </label>
-        <datalist id='instances'>
-            <option value=''>
-            <option value='anticapitalist.party'>
-            <option value='awoo.space'>
-            <option value='cybre.space'>
-            <option value='mastodon.social'>
-            <option value='glitch.social'>
-            <option value='botsin.space'>
-            <option value='witches.town'>
-            <option value='social.wxcafe.net'>
-            <option value='monsterpit.net'>
-            <option value='mastodon.xyz'>
-            <option value='a.weirder.earth'>
-            <option value='chitter.xyz'>
-            <option value='sins.center'>
-            <option value='dev.glitch.social'>
-            <option value='computerfairi.es'>
-            <option value='niu.moe'>
-            <option value='icosahedron.website'>
-            <option value='hostux.social'>
-            <option value='hyenas.space'>
-            <option value='instance.business'>
-            <option value='mastodon.sdf.org'>
-            <option value='pawoo.net'>
-            <option value='pouet.it'>
-            <option value='scalie.business'>
-            <option value='sleeping.town'>
-            <option value='social.koyu.space'>
-            <option value='sunshinegardens.org'>
-            <option value='vcity.network'>
-            <option value='octodon.social'>
-            <option value='soc.ialis.me'>
-        </datalist>
-        <input name='confirm' value='Log in' type='submit'/>
-    </form>
-</section>
+        <section>
+            <h2>Log in with Mastodon</h2>
+            <form action="/login/mastodon" method='post'>
+                <label>Mastodon instance:
+                    <input type='text' name='instance_url' list='instances' placeholder='social.example.net'/>
+                </label>
+                <datalist id='instances'>
+                    <option value=''>
+                    <option value='anticapitalist.party'>
+                    <option value='awoo.space'>
+                    <option value='cybre.space'>
+                    <option value='mastodon.social'>
+                    <option value='glitch.social'>
+                    <option value='botsin.space'>
+                    <option value='witches.town'>
+                    <option value='social.wxcafe.net'>
+                    <option value='monsterpit.net'>
+                    <option value='mastodon.xyz'>
+                    <option value='a.weirder.earth'>
+                    <option value='chitter.xyz'>
+                    <option value='sins.center'>
+                    <option value='dev.glitch.social'>
+                    <option value='computerfairi.es'>
+                    <option value='niu.moe'>
+                    <option value='icosahedron.website'>
+                    <option value='hostux.social'>
+                    <option value='hyenas.space'>
+                    <option value='instance.business'>
+                    <option value='mastodon.sdf.org'>
+                    <option value='pawoo.net'>
+                    <option value='pouet.it'>
+                    <option value='scalie.business'>
+                    <option value='sleeping.town'>
+                    <option value='social.koyu.space'>
+                    <option value='sunshinegardens.org'>
+                    <option value='vcity.network'>
+                    <option value='octodon.social'>
+                    <option value='soc.ialis.me'>
+                </datalist>
+                <input name='confirm' value='Log in' type='submit'/>
+            </form>
+        </section>
 
-        <!-- login with e-mail -->
+        <!-- offer mailing list creation button -->
 
         <!-- good list entry field -->
+        <p>
+            Those words have to be contained in a report.
+            If none of these expressions is in the report, it will be ignored by the bot.
+            You can use the defaults, or enter some expressions specific to your city and language.
+        </p>
+        <form action="/settings/goodlist" method="post">
+            <textarea name="goodlist" wrap="physical">
+                <!-- find a way to display current good list. js which reads from a cookie? template? -->
+            </textarea>
+            <button type="submit">Submit trigger words</button>
+        </form>
 
         <!-- blacklist entry field -->
+        <p>
+            Those words are not allowed in reports.
+            If you encounter spam, you can add more here - the bot will ignore reports which use such words.
+            <!-- There are words which you can't exclude from the blacklist, e.g. certain racist, sexist, or antisemitic slurs. (to be implemented) -->
+        </p>
+        <form action="/settings/blacklist" method="post">
+            <textarea name="blacklist" wrap="physical">
+                <!-- find a way to display current blacklist. js which reads from a cookie? template? -->
+            </textarea>
+            <button type="submit">Submit blacklist</button>
+        </form>
 
         <script src="/static/js/functions.js"></script>