I'm Building a Meme Coin Alone With Zero Budget. Here's What I Learned.

Source: Dev.to

Introduction

I’m a 45‑year‑old non‑developer who, after breaking my nose falling off a scooter, decided to build a meme‑coin project called Motorcycle Diaries ($MOTO) on Solana. I had zero budget, no team, no investors, and no crypto connections—just stubbornness and a lot of late nights. This post isn’t a token shill; it’s a rundown of what I learned building an entire web project from scratch.

Stack Overview

Frontend

• Design: Custom responsive layout built from scratch (no Bootstrap, Tailwind, etc.).
• Performance: Page loads in under 700 ms.
• Image optimization: Original 36 MB image folder reduced to 7 MB using ImageMagick (resize + quality 80) and pngquant. Load time dropped from 1.8 s to 0.68 s.
• PWA support: manifest.json and a service worker enable installable, offline‑capable experience.

Sample .htaccess hardening

# Prevent clickjacking
Header set X-Frame-Options "DENY"

# Content Security Policy
Header set Content-Security-Policy "default-src 'self'; script-src 'self' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'"

# Enforce HTTPS
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

# Cross‑Origin Opener Policy
Header set Cross-Origin-Opener-Policy "same-origin"

# Block common attack vectors
RewriteCond %{QUERY_STRING} (?:\b(?:select|union|insert|delete|drop)\b) [NC,OR]
RewriteCond %{REQUEST_URI} (?:/etc/passwd|/wp-admin|/wp-login) [NC]
RewriteRule ^ - [F,L]

Backend

• API: FastAPI serves the Solana wallet integration and the slot‑machine logic.
• Port restrictions: ISP blocked custom ports, so I used a Cloudflare Tunnel (cloudflared) to expose localhost:8901 via a public HTTPS URL.
• Proxy: A lightweight PHP script on shared hosting forwards requests from the static site to the FastAPI backend.

Telegram Bot

Implemented with a single Python process (~60 MB RAM) handling:

• Full group administration (bans, mutes, warnings, anti‑flood)
• Captcha verification for new members (similar to SafeGuard)
• Scheduled tasks (daily analytics reports)
• Twitter/X monitoring via FxTwitter API
• Auto‑posting new tweets to the Telegram group
• Follower‑count change notifications with humorous messages
• Custom welcome messages with DM buttons
• /stats command that pulls GA4 data and displays website analytics directly in Telegram

Security & Hardening

Beyond the .htaccess rules, I:

• Blocked suspicious query strings and known scanner user‑agents.
• Enforced strict CSP, HSTS, and X‑Frame‑Options.
• Regularly audited logs for unusual activity.

Lessons Learned

1. Image compression matters – a simple resize/quality tweak can cut load times dramatically.
2. Static sites can outperform heavy frameworks for content‑focused marketing pages.
3. Cloudflare Tunnel is a lifesaver when ISP firewalls block custom ports.
4. Telegram Bot API is surprisingly powerful; a single process can manage admin tasks, analytics, and external API integrations.
5. Security can be layered even on cheap shared hosting with proper .htaccess configuration.

Resources

• Website:
• The Manifesto – full unfiltered story (link provided on the site)
• Telegram Community – join via the link on the site
• X (Twitter): @motodiariesfun

Disclaimer

This is not financial advice. I’m just a guy who fell off a scooter and decided to tinker. If you’re a developer thinking about building something solo—just start. The tools available today are incredible.

Born to Ride. Forced to HODL. 🏍️