Last time this was brought up the easiest solution was to enable SSL, that will cause the wrong domains to either redirect to the correct one, or show an SSL error:
If thats not an option you can use a pups template to add that 403 block into the Discourse nginx config.