Skip to content
jr/dev
ES
← Back to home

B2C SaaS · SMM · High-traffic e-commerce · 2023 — 2025

EngajaMaisVoce

Premium social-growth platform for the Brazilian market.

Role
Tech Lead · Full Stack & Infra Engineer
Period
Dec 2023 — Oct 2025
active users
50K+
revenue
1M+ BRL
payment gateways
6
repos built from scratch
3
EngajaMaisVoce landing page with the "buy real followers" proposition.

The project that turned me into a product engineer

For two years I was the sole technical owner of EngajaMaisVoce, an SMM (Social Media Marketing) platform that sells real followers, likes and views on Instagram and TikTok for the Brazilian market. It wasn’t just writing code: I configured the whole infrastructure, stabilized integrations with six notoriously unreliable external SMM panels, mitigated continuous DDoS attacks and kept the operation alive with production hotfixes.

The core technical challenge

Most external SMM panels were unstable black boxes: they returned unformatted errors, failed silently or went down without notice. I built a standalone provider-API microservice that queues orders, runs automatic retries (refill) and cancels failed orders transparently for the end user. When something broke upstream, the internal system self-regulated and the user automatically received refund Coins, preventing massive chargebacks.

Architecture

Three independently-deployed repositories:

  1. ig-br-frontend — customer and admin UI. React 19 + TypeScript + Vite. RS Suite, Material UI and Tailwind for a dense but ordered visual layer. Zustand for global state and auth.
  2. backend-engajamais — main orchestrator of orders, payments, users and business rules. Node.js + Express + TypeScript under PM2. MySQL + Sequelize for transactional data (ACID) and MongoDB + Firebase for high-volume logs, notifications and real-time events.
  3. api-proovedor — resilient microservice that abstracts the six SMM panels and normalizes their behavior.

Multi-gateway payments

I implemented dedicated webhooks for the six most-used gateways in Brazil — Stripe, Mercado Pago, Woovi/OpenPix (PIX QR), PagHiper (boleto), AppMax and Cakto — with signature verification, idempotency, retry policies and reconciliation against the transactional database.

Infrastructure under fire

The site was under constant attack. I defended it from the ground up:

  • Nginx reverse proxy with fine-grained rate limiting per endpoint and per IP.
  • Custom Bash anti-DDoS scripts (ddos_protection.sh, antiddos.sh) at the iptables level with limit rate.
  • Geo-blocking with MaxMind GeoLite2 to reject traffic from unauthorized regions.
  • Automatic SQL backups to Google Drive and AWS S3.
  • Critical alerts via WhatsApp (Evolution API) and email (Twilio/Nodemailer) to the founders’ phone when the system detected anomalies.

Tracking and growth

  • Server-side Facebook Pixel (Meta CAPI) with robust clientIdentifier, _fbp and _fbc to bypass ad blockers.
  • Free AI-powered Instagram analysis (DeepSeek) as a lead magnet: the user gets an automated report in exchange for entering the funnel.
  • 3-step checkout optimized for CRO, no passwords required to validate the public account.

Takeaways

This project pulled me out of “coder” mode and pushed me into product-engineer mode. I learned the hard way that code is useless if the infrastructure goes down, that external providers always fail eventually, and that every Pixel event lost in e-commerce is money burned. I spent entire nights solving issues on the fly, dealing with banned IPs and protecting the business. It’s the project that graduated me as a professional developer.

Screenshots

Landing hero with main CTA and value proposition.
Conversion-optimized landing with ultra-fast load and a clear CTA.
Grid of available plans and packages.
Plan catalog with visual hierarchy oriented to upsell.
AI-powered Instagram analysis modal (DeepSeek).
AI lead magnet — free profile analysis to activate the funnel.
Checkout step 1 — package selection.
3-step checkout optimized for CRO, no passwords required.
Checkout step 2 — public account input.
Public account validation without requiring user credentials.
User panel login screen.
Panel access with persisted session and real-time notifications.
← Back to home