diff --git a/internal/api/keppel/accounts.go b/internal/api/keppel/accounts.go
index 6ad21903..74d70966 100644
--- a/internal/api/keppel/accounts.go
+++ b/internal/api/keppel/accounts.go
@@ -112,7 +112,12 @@ func (a *API) handlePutAccount(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, `malformed attribute "account.name" in request body is not allowed here`, http.StatusUnprocessableEntity)
 		return
 	}
-	// ... transfer it here into the struct, to make the below code simpler
+	// ... or state ...
+	if req.Account.State != "" {
+		http.Error(w, `malformed attribute "account.state" in request body is not allowed here`, http.StatusUnprocessableEntity)
+		return
+	}
+	// ... and transfer the name here into the struct, to make the below code simpler
 	req.Account.Name = models.AccountName(mux.Vars(r)["account"])
 
 	// check permission to create account
diff --git a/internal/api/keppel/api.go b/internal/api/keppel/api.go
index cf27f8bf..1b7ca4b1 100644
--- a/internal/api/keppel/api.go
+++ b/internal/api/keppel/api.go
@@ -184,6 +184,10 @@ func (a *API) findAccountFromRequest(w http.ResponseWriter, r *http.Request, _ *
 		http.Error(w, "account not found", http.StatusNotFound)
 		return nil
 	}
+	if account.IsDeleting && r.Method == http.MethodGet {
+		http.Error(w, "account is being deleted", http.StatusConflict)
+		return nil
+	}
 	return account
 }