diff --git a/server/controllers/project.controller.js b/server/controllers/project.controller.js
index 8cb16a5f..3c01ded2 100644
--- a/server/controllers/project.controller.js
+++ b/server/controllers/project.controller.js
@@ -210,6 +210,24 @@ export function getProjectsForUser(req, res) {
 }
 }
+export function projectExists(projectId, callback) {
+ Project.findById(projectId, (err, project) => (
+ project ? callback(true) : callback(false)
+ ));
+}
+
+export function projectForUserExists(username, projectId, callback) {
+ User.findOne({ username }, (err, user) => {
+ if (!user) {
+ callback(false);
+ return;
+ }
+ Project.findById(projectId, (innerErr, project) => (
+ (project && project.user.equals(user._id)) ? callback(true) : callback(false)
+ ));
+ });
+}
+
 function bundleExternalLibs(project, zip, callback) {
 const indexHtml = project.files.find(file => file.name === 'index.html');
 let numScriptsResolved = 0;
diff --git a/server/routes/server.routes.js b/server/routes/server.routes.js
index 105d149e..b0d9eade 100644
--- a/server/routes/server.routes.js
+++ b/server/routes/server.routes.js
@@ -2,6 +2,7 @@ import { Router } from 'express';
 import { renderIndex } from '../views/index';
 import { get404Sketch } from '../views/404Page';
 import { userExists } from '../controllers/user.controller';
+import { projectExists, projectForUserExists } from '../controllers/project.controller';
 const router = new Router();
@@ -20,11 +21,15 @@ router.get('/signup', (req, res) => {
 });
 router.get('/projects/:project_id', (req, res) => {
- res.send(renderIndex());
+ projectExists(req.params.project_id, exists => (
+ exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
+ ));
 });
 router.get('/:username/sketches/:project_id', (req, res) => {
- res.send(renderIndex());
+ projectForUserExists(req.params.username, req.params.project_id, exists => (
+ exists ? res.send(renderIndex()) : get404Sketch(html => res.send(html))
+ ));
 });
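Review bot: `projectExists` and `projectForUserExists` never inspect `err` / `innerErr`, so a failed lookup is reported through `callback(false)` exactly like a missing project, and the routes in server/routes/server.routes.js that consume these helpers will answer with the 404 sketch. A database failure (and presumably a `project_id` that cannot be cast to an id) then looks the same as "not found" and leaves no trace for whoever operates the server; log the error before falling back to `callback(false)`, or widen the callback so the caller can tell the two cases apart. In `projectForUserExists`, `project.user.equals(user._id)` throws inside the query callback if a stored project has no `user` reference; if this schema allows that, guard it with `(project && project.user && project.user.equals(user._id))`.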