I'm a 3rd year NIT student interning at SAP. 8 months ago I launched a side project. Here's everything that went wrong.

Not a "look how far I've come" post. Just an honest dump of everything that broke, everything I got wrong, and what I'd do differently.

Month 1 — Launched with zero security

First version had no rate limiting, no email verification, no nothing. Just a signup form connected directly to MongoDB.

Within 2 weeks someone was probing my endpoints. Automated scripts trying to flood the database with fake accounts. I caught it at 2am on my admin dashboard — signups spiked from 800 to 2,100 in minutes.

Spent the entire night deploying honeypots, rate limiting, IP blacklisting, and reCAPTCHA. Got it under control by morning.

Lesson: Security is not something you add later. By the time you think you need it, you already needed it 3 weeks ago.

Month 3 — I ignored a bug I knew about

Found a logic flaw in one of my auth routes. Not huge on the surface. But real.

Told myself: "We have rate limiting. We have honeypots. Nobody is getting through all that just to hit this one bug."

Closed the tab. Went to sleep.

Three days later I was checking production logs and stopped scrolling.

The Prime Minister of India's official email was sitting in my user database.

Not a bot. A real person had specifically probed my routes, found the exact vulnerability I knew about, and exploited it deliberately.

Pulled the server offline at midnight. Rewrote the auth logic. Sanitized the database. Went to sleep at 3am.

The bug took 2 hours to fix. I had known about it for 3 days.

Lesson: A bug you label as "minor" is just a vulnerability waiting for the right person to find it. The internet is more patient than you are lazy.

Month 4 — Built features nobody used

Spent 2 weeks building something I thought users wanted. Zero usage after launch.

Meanwhile a feature I built in one evening because it seemed fun — a "resume roast" that gives brutally honest AI feedback — became the most used feature on the platform.

Lesson: Build the thing that makes people laugh or feel something. Utility is table stakes. Emotion is what spreads.

Month 6 — Pricing completely wrong

Had paying users but barely any revenue. Priced everything too low because I was scared nobody would pay.

Turns out people pay for things that help them get jobs. Placement season is one of the highest anxiety periods of a student's life. If your product genuinely helps, price it like it helps.

Lesson: Underpricing doesn't make you humble. It just makes you broke.

Month 8 — Distribution is the actual hard problem

2,400 users later, I can tell you the product was never the hard part.

Getting people to know it exists is the hard part.

Every growth spike came from a post somewhere. Every time I stopped posting, growth flatlined. Building a product is 20% of the work. Telling people about it is 80%.

Nobody is coming to find you. You have to go find them.

---

8 months. 2,400 users. One security incident I caused myself. Still running.

If you're building something on the side while in college — the mistakes above are coming for you eventually. Better to know about them first.

Happy to answer anything.

reddit.com
u/Nakul_Gautam — 3 days ago
▲ 13 r/dadjoke+1 crossposts

What's the funniest joke you told your parents that somehow turned into a life lecture?

You know the moment—you say something as a joke, expecting a laugh, and suddenly you're sitting through a 20-minute speech about responsibility, life, respect, or your future.

What's your funniest or most memorable story?

u/Nakul_Gautam — 3 days ago

[Build in Public] My college side project just crossed 13,000 active users. Here is the architecture and what I learned building for the Indian market.

Hey everyone,

I wanted to share the raw journey and analytics of a side project I built to solve my own placement struggles. I just checked the dashboard today and realized we crossed 13,000 active users and 167,000 events organically. I’ve attached the Google Analytics screenshot as proof.

The Problem: > While preparing for internships at NIT KKR, I noticed talented peers getting auto-rejected off-campus. The issue wasn't their skills; it was their resume formats breaking ATS parsers (bad LaTeX margins, complex columns, etc.). I wanted to build an automated formatting and AI-scoring engine to fix this.

Why it Grew: > I honestly think the main reason this scaled without an ad budget is because I am a student right now and understand our specific market. Most global resume tools charge expensive monthly subscriptions in dollars. By keeping the platform accessible, simple, and tailored strictly to the Indian campus/off-campus placement grind, the word-of-mouth took over.

The Architecture (MERN + AI):

Frontend: React.js, Tailwind CSS (for fast iteration).

Backend: Node.js, Express.js.

Database: MongoDB.

Auth: Appwrite-based JWT auth and Google OAuth (this single integration boosted signups massively).

Technical Bottlenecks I Hit:

Traffic Spikes: Scaling Node.js to handle sudden influxes of concurrent users generating complex PDFs.

Security: Dealing with targeted bot attacks and having to implement strict rate limiting and honeypots.

Parsing: Building an ATS scoring algorithm that actually accurately reads different PDF structures.

I’m posting this as a case study for anyone else looking to build a SaaS while in college.

Happy to answer any questions in the comments about the MERN architecture, how I handled the bot attacks, or balancing side-project development with a 9.7 CGPA.

u/Nakul_Gautam — 2 months ago