Sahaib
Back to all posts

How Vercel and AI Helped Me Stop Unauthorized Access to reurl.dev in Minutes—As an AI-Assisted Developer Still Learning

How Vercel and AI Helped Me Stop Unauthorized Access to http://reurl.dev in Minutes

How Vercel and AI Helped Me Stop Unauthorized Access to reurl.dev in Minutes—As an AI-Assisted Developer Still Learning

I’m Sahaib, and I’m not a professional developer—I’m an AI-assisted developer, still learning the ropes but passionate about building tools that make the internet better. My app, reurl.dev, is a free URL shortener with analytics, born from my belief that everyone should have access to reliable, high-quality tools without barriers. But on March 3, 2025, I faced a scary challenge: a flood of 401 unauthorized access errors was hitting reurl.dev non-stop, threatening my Product Hunt launch on March 5, 2025. Thanks to Vercel’s modern tools and AI assistance, I stopped the attack in minutes, learned a ton, and made reurl.dev quicker and more secure. Here’s my story as a learner.

The Problem: A Flood of 401 Errors

I was in the middle of preparing for reurl.dev’s big launch, sharing updates in the BIP 3.0 community and tweaking features, when I noticed something alarming. Vercel’s logs were flashing with thousands of 401 errors—someone or something was trying to break into reurl.dev’s endpoints relentlessly. I checked the Vercel dashboard and saw 34.9K requests in an hour, with 28.8K denied and 429 challenged by Vercel’s Attack Challenge Mode. As someone still learning, I felt overwhelmed, but I knew I had to act fast to protect my app and my users.

reurl.dev isn’t just code to me—it’s my answer to the expensive, feature-poor URL tools I struggled with at Freightify. I built it to be free, open, and powerful, and I couldn’t let an attack ruin that vision or derail my launch.

Step 1: Vercel’s Attack Challenge Mode Saved Me

As a learner, I rely on modern tools to fill the gaps in my knowledge, and Vercel’s dashboard became my lifeline. I dove into the Firewall section and saw and enabled Attack Challenge Mode, which blocked most of the malicious traffic. The dashboard showed a spike in traffic starting around 7:56 PM IST, peaking at 8:14 PM with 1.5K requests in a minute. Vercel’s DDOS mitigation (green line) and Challenge Mode (yellow line) were filtering out 28.8K denied requests while allowing 5.7K legitimate ones.

stats

I’m still figuring out security, but Vercel’s real-time visibility and automatic protection gave me the confidence to move forward. It bought me time to investigate, and I felt like a real dev seeing Vercel handle this like a pro—something I’m still learning to do myself.

Step 2: AI-Powered Middleware with Cursor IDE

I’m not a pro coder, but AI tools like Cursor IDE are helping me level up fast. I opened Cursor, explained my problem in simple terms: “Update the middleware script to block the IP for 'x' hrs for such frequent unauthorized accesses/hits.. and stop 401 errors.” Within seconds, Cursor generated a middleware script, implemented Redis to track IP addresses and their failed attempts that I could use in reurl.dev’s setup.

I deployed it to Vercel in about 5 minutes—something I couldn’t have done so quickly without AI. The script did three things:

  • Rate Limiting: Limited each IP to 10 requests per minute, blocking excess with a 429 status.

  • IP Capture: Logged source IPs for every unauthorized attempt, so I could track the attackers.

  • Dynamic Blocking: Added offending IPs to a blocked list, returning a 403 status for future requests.

As soon as I deployed, the 401 errors stopped. I felt a huge rush of excitement—AI had helped me solve a pro-level problem in minutes, even as a learner. Vercel’s dashboard showed traffic stabilizing, with only legitimate requests (5.7K) continuing.

Step 3: Vercel’s Speed Insights for Performance

I’m still learning about performance optimization, but Vercel’s Speed Insights made it easy. I checked the dashboard and saw a Real Experience Score of 95 (P95), but there was a warning: “No data available—make sure you are using the latest

@vercel

/speed-insights package.” I followed Vercel’s steps—installed npm i @vercel/speed-insights, added <SpeedInsights /> to layout.js, and redeployed. Within 30 minutes, Speed Insights started collecting metrics, confirming reurl.dev’s performance was solid despite the attack.

This taught me how modern tools can help me track and improve performance, even as I’m still figuring things out. Vercel’s simplicity and AI’s guidance are making me a better, faster developer every day.

The Outcome: Unauthorized Access Stopped, Lessons Learned

With Vercel and AI, I stopped the attack on reurl.dev in under 15 minutes. Vercel’s Attack Challenge Mode blocked most requests, giving me time to respond. Cursor IDE’s AI-generated middleware halted the 401 errors and captured source IPs for analysis. Speed Insights ensured my app stayed fast for users, protecting my Product Hunt launch.

As an AI-assisted developer still learning, this experience showed me how modern tools and AI can bridge the gap between my skills and professional challenges. I’m not a pro yet, but Vercel and Cursor are helping me get better, quicker, and more secure. I’m sharing this story in BIP 3.0 because building in public means showing the highs and lows—and how I’m growing with every challenge.

Next Steps for reurl.dev

  • Enhance Security: I’ll use Redis to store blocked IPs long-term and add reCAPTCHA to deter bots—AI and Vercel docs will guide me.

  • Share the Story: I’m posting this journey on X in BIP 3.0: “As a learner, I stopped an attack on reurl.dev with Vercel and AI in minutes. Free URL shortener with analytics. How are you learning security? #BuildInPublic”

  • Product Hunt Launch: On March 5, I’ll share how reurl.dev is battle-tested, thanks to these tools Vercel and Cursor by Anysphere , to build trust for users.

Final Thoughts

I’m not a professional developer, but Vercel’s modern infrastructure and AI tools like Cursor are helping me learn fast and build secure apps. This attack was scary, but it turned into a victory because of the tools I’m using. If you’re a learner like me, struggling with security or performance, I hope my story shows how Vercel and AI can level you up. Try reurl.dev for free at https://reurl.dev, support my work via Buy Me a Coffee, and let’s build a safer, more accessible internet together—step by step, as I learn!