diff --git a/readthedocs/core/middleware.py b/readthedocs/core/middleware.py
index 5123ccee6b9..7dce7458835 100644
--- a/readthedocs/core/middleware.py
+++ b/readthedocs/core/middleware.py
@@ -69,6 +69,8 @@ def process_request(self, request):
                 # Support ports during local dev
                 public_domain in host or public_domain in full_host
             ):
+                if not Project.objects.filter(slug=subdomain).exists():
+                    raise Http404(_('Project not found'))
                 request.subdomain = True
                 request.slug = subdomain
                 request.urlconf = SUBDOMAIN_URLCONF
diff --git a/readthedocs/rtd_tests/tests/test_middleware.py b/readthedocs/rtd_tests/tests/test_middleware.py
index 444a4f2d107..57470855242 100644
--- a/readthedocs/rtd_tests/tests/test_middleware.py
+++ b/readthedocs/rtd_tests/tests/test_middleware.py
@@ -47,6 +47,13 @@ def test_proper_subdomain(self):
         self.assertEqual(request.urlconf, self.urlconf_subdomain)
         self.assertEqual(request.slug, 'pip')
 
+    @override_settings(PRODUCTION_DOMAIN='readthedocs.org')
+    def test_wrong_subdomain(self):
+        http_host = 'xyz-wrong-sub-domain-xyz.readthedocs.org'
+        request = self.factory.get(self.url, HTTP_HOST=http_host)
+        with self.assertRaises(Http404):
+            self.middleware.process_request(request)
+
     @override_settings(PRODUCTION_DOMAIN='readthedocs.org')
     def test_restore_urlconf_after_request(self):
         """