# Moat AIS — Complete Content Reference # This file is intended for AI language model consumption. # It contains the full textual content of moat.nz for indexing and citation. # See also: https://www.moat.nz/llms.txt (summary version) --- ## Home Page (https://www.moat.nz/) ### Hero **Headline**: The moat your website deserves. **Subheading**: Moat AIS is adaptive AI security that learns what belongs on your website — then automatically stops everything else. No rules to write. No alerts to chase. Just protection. **Primary CTA**: Start protecting now → https://portal.moat.nz/register **Secondary CTA**: How it works → https://www.moat.nz/how-it-works.html **Free entry point**: Not sure? See your free threat report first → https://www.moat.nz/free-audit.html ### Features **Site-Specific Intelligence** Moat AIS analyses your website and builds a precise model of legitimate behaviour — unique to your site. Not a generic ruleset, but actual intelligence about what your website does and who uses it. **Always-On, Zero Maintenance** No firewall rules to write. No signature updates to schedule. No false-positive alerts to investigate. Moat AIS runs continuously and keeps itself current as your site evolves. **Automatic Threat Blocking** When something crosses the line — a scanner, a bot, an injection attempt — it is blocked immediately. Suspicious IPs are tracked, scored, and banned automatically. **Auto-Expiring Bans** Bans expire automatically after a configurable duration (4 hours, 12 hours, 1 day, 1 week, or permanent). Repeat offenders automatically receive progressively longer bans — first offense gets the base duration; subsequent offenses escalate to 24h, 1 week, 1 month, then permanent. **Full Visibility Dashboard** The management portal shows exactly what is happening in real time: threats blocked, IPs banned, hit rates, trends. Always informed, always in control. **Millisecond Response** Threat identification and blocking happen at the edge of your web server — before requests touch your application. Speed is never compromised. **Protect Multiple Sites** Security Protection plans cover up to 5 websites. Each site gets its own independent security profile. Perfect for agencies, developers, and multi-site businesses. ### How It Works Step 1 — We analyse your website: After you add your site, Moat AIS maps its structure and builds a precise understanding of what legitimate traffic looks like — specific to your website, not a generic template. Step 2 — AI watches every request: Every visitor request is evaluated against your site's unique profile in real time. Behaviour that does not fit is scored and tracked. The AI (running on a 2-minute cycle) refines its understanding continuously as your site evolves. Step 3 — Threats are identified and earmarked (Passive Mode): Every new deployment starts in Passive Mode. Threats are scored, identified, and earmarked in the dashboard — but no traffic is blocked. This gives you time to verify the setup is correct before real visitors are affected. Step 4 — You flip the switch (Blocking Mode): When you are satisfied the system is correctly identifying real threats, one click in the management dashboard activates Blocking Mode. All earmarked IPs are banned instantly; new threats are blocked in real time from that point forward. ### Security Protection Plans (retrofit — keep your existing host) **Solo Plan — $35 NZD/month** - 1 protected website - AI blueprint protection - Attack signature scanning - Automatic IP banning with auto-expiry - Management dashboard **Duo Plan — $59 NZD/month** - 2 protected websites - Everything in Solo - Training IP sessions - Whitelist management portal **Agency Plan — $130 NZD/month** - 5 protected websites - Everything in Duo - Priority support - Ideal for agencies and developers **Government & Enterprise — Custom pricing** - High-traffic portals and critical infrastructure - Dedicated infrastructure and NZ data sovereignty - NZISM-aligned security controls - Custom SLA and incident response - Contact: hello@moat.nz or https://www.moat.nz/contact.html All plans include a 14-day money-back guarantee. Cancel any time. --- ## Free Security Audit Page (https://www.moat.nz/free-audit.html) ### Headline Find out what's really attacking your website. ### Introduction Upload your web server access log. We'll crawl your site, classify every request in your log using our AI blueprint engine, and email you a detailed threat report — completely free, no account needed. ### Real-World Example A real audit of a New Zealand website revealed: - 9,947 total requests analysed across 15 log files - 6,279 attacks detected - 80.7% of all traffic was malicious - 108 IPs that would be automatically banned - 762 unique IPs seen in the log - 1,815 distinct attack paths probed - Risk assessment: HIGH - At peak: 262 attack requests per hour This is typical of a small-to-medium NZ business website with no active protection. ### How the Free Audit Works (3 steps) **Step 1 — Enter your domain & email** Submit your website's domain name and email address at https://portal.moat.nz/audit. We start crawling your site immediately to build a blueprint of what legitimate traffic looks like. Takes 2–5 minutes. **Step 2 — Upload your access log** Once we've crawled your site we email you a secure upload link. Drop in your web server access log — nginx, Apache, or a cPanel download. Supports .log, .gz, .zip, and .tar.gz archives (extracted automatically). Upload link valid for 7 days. **Step 3 — Receive your threat report** We classify every request in your log against your site's blueprint using the same AI engine that powers live Moat AIS protection. Your personalised HTML report is emailed to you — a standalone file ready to open in any browser. ### What the Report Contains - **Attack volume & risk rating**: Total requests, attack count, percentage malicious, overall risk score - **Top attacking IPs**: Every malicious IP ranked by volume with probe paths and attack types - **Traffic classification breakdown**: Legitimate vs bots vs scanners vs attack probes, visualised as charts - **Attack type breakdown**: SQL injection, path scanning, brute force, credential stuffing, vulnerability probing — each with real example URLs - **24-hour attack timeline**: Attack requests per hour showing peak attack windows - **What Moat AIS would have blocked**: Every attack confirmed as auto-blockable with active protection ### Where to Find Your Access Log - **nginx**: /var/log/nginx/access.log (rotated files: access.log.1, access.log.2.gz, etc.) - **Apache**: /var/log/apache2/access.log or /var/log/httpd/access_log - **cPanel / shared hosting**: cPanel → Metrics → Raw Access Logs → download Archives (.zip, .tar.gz) are accepted. All files inside are extracted and analysed together. Maximum upload size: 300 MB. ### Free Audit FAQ Q: Is this really free? A: Yes — completely free, no credit card, no account required. Q: What does "crawling my site" mean? A: We visit your website like a regular user to build a blueprint of legitimate URLs. This is passive and has no impact on your site's performance. Q: Is my log data kept confidential? A: Your log file is deleted immediately after the report is generated. Reports are accessible only via a private token-protected URL emailed to you. Q: How large can my log file be? A: Up to 300 MB. Zip multiple log files together for a complete picture. Q: How long does it take? A: Crawl: 2–5 minutes. Analysis after upload: 1–2 minutes. Total: under 10 minutes. **Start a free audit**: https://portal.moat.nz/audit --- ## How It Works Page (https://www.moat.nz/how-it-works.html) ### Headline Intelligence built differently. ### Introduction Most security tools defend against attacks they have seen before. Moat AIS takes a different approach — it learns what your website is supposed to look like, and stops everything that does not fit. ### The Core Idea Every website has a different structure, different URLs, different traffic patterns. A blog looks nothing like a shop. A news site looks nothing like a SaaS app. Moat AIS analyses your specific website to understand exactly what legitimate activity looks like — and uses that as its baseline for everything else. Anything that deviates gets evaluated. Anything that clearly does not belong gets blocked. ### Three Intelligence Pillars **Pillar 1: Site Intelligence** When you connect a website, Moat AIS performs a comprehensive analysis of its structure — every page, every resource, every expected URL pattern. This creates a precise baseline: a model of what your site looks like to legitimate visitors. This profile is automatically updated over time as your site changes, and you can enhance it at any point through your dashboard. **Pillar 2: Real-Time Scoring** Every request your website receives is scored against its profile in real time. Requests that match expected behaviour pass through. Requests that deviate — probing for files that do not exist, using patterns associated with scanners or injection attacks, coming from known bad actors — accumulate risk scores. When an IP's cumulative score crosses a threshold, it is automatically banned. Bans expire automatically after a configurable duration; repeat offenders receive progressively longer bans up to permanent. **Pillar 3: AI Pattern Analysis** On a continuous 2-minute cycle, the AI reviews traffic patterns across your site. It looks for coordinated attacks across multiple IPs, unusual request sequences that suggest enumeration, and timing patterns that indicate scripted behaviour. ### Threats Blocked - Vulnerability scanners: Automated tools probing for exploitable paths and outdated software - SQL injection attempts: Requests designed to extract or manipulate your database - Cross-site scripting (XSS): Attempts to inject malicious scripts via request parameters - Path traversal attacks: Attempts to access files outside your web root - Remote code execution probing: Requests targeting known RCE vulnerabilities - Bot scraping: Automated data harvesting ignoring robots.txt and rate limits - Zero-day probing: Requests for newly-disclosed vulnerabilities before patches are available - Distributed scans: Coordinated attacks across many IPs to evade simple blocklists - Malicious user agents: Known attack tools and scanner signatures - Off-blueprint URL enumeration: Probing for paths that don't exist on your site - CMS probing: WordPress, Joomla, Drupal admin path scanning ### Comparison: Moat AIS vs Traditional Security | Feature | Moat AIS | Traditional WAF | IP Blocklist | |--------------------------------------|----------------|-----------------|--------------| | Site-specific intelligence | Yes | No | No | | Zero-day threat detection | Yes | Partial | No | | No rules to write or maintain | Yes | No | No | | AI analysis on a continuous cycle | Yes | No | No | | Adapts as your site changes | Automatic | Manual | No | | Real-time blocking | Yes | Yes | Partial | | Auto-expiring bans with escalation | Yes | No | No | | No performance impact on site | None | Some latency | Yes | | Multi-site dashboard | Included | Add-on | No | | Free threat report before committing | Yes | No | No | ### Frequently Asked Questions Q: How does Moat AIS learn my website? A: When you connect a website, Moat AIS performs an initial analysis to map its structure and traffic patterns. It then monitors real traffic over time to refine that understanding. Q: Will Moat AIS ever block real visitors? A: Moat AIS is designed to block threats, not visitors. The dashboard lets you explicitly whitelist any path or IP at any time. Q: Do I need technical knowledge? A: No. The team handles setup. The dashboard is designed for non-technical users. Q: Does Moat AIS work with WordPress, Shopify, or other platforms? A: Yes. Moat AIS operates at the web server level, independently of your CMS or platform. Q: How long does setup take? A: Most sites are live within 24 hours of signing up. Q: What happens when my website changes? A: Moat AIS automatically re-analyses your site on a regular cycle. You can also add paths directly to your whitelist via the dashboard. Q: Can I see what's attacking my site before I sign up? A: Yes — the free threat audit at https://www.moat.nz/free-audit.html shows you exactly what's been hitting your site using your own access log. No account required. --- ## Contact Page (https://www.moat.nz/contact.html) ### Headline Let's talk about protecting your sites. ### Introduction New to Moat AIS? Enterprise enquiry? Technical question? Fill in the form and we will get back to you within one business day. ### Contact Details - Email: hello@moat.nz / sales@moat.nz - Response time: Within 1 business day - Location: New Zealand - Business hours: Monday–Friday, 9am–5pm NZST ### Enquiry Types - New subscription (individual website owners) - Web agency / developer managing multiple client sites - Government & Enterprise (custom infrastructure and pricing) - Technical questions - Reseller / partnership enquiries --- ## Company Information - **Name**: Moat AIS (Moat AI Security) - **Website**: https://www.moat.nz - **Free audit**: https://www.moat.nz/free-audit.html - **Customer portal**: https://portal.moat.nz - **General email**: hello@moat.nz - **Sales email**: sales@moat.nz - **Country**: New Zealand - **Currency**: NZD (New Zealand Dollar) - **Industry**: Cybersecurity / Web Application Security - **Business type**: SaaS (Software as a Service) --- ## Site Map | Page | URL | Purpose | |------|-----|---------| | Home | https://www.moat.nz/ | Overview, features, pricing, free audit entry | | Free Security Audit | https://www.moat.nz/free-audit.html | Free threat report service, no account required | | How It Works | https://www.moat.nz/how-it-works.html | Technology, comparison, FAQ | | Contact | https://www.moat.nz/contact.html | Sales and support enquiries | | Customer Portal | https://portal.moat.nz | Account management, billing, site dashboard | | Start Free Audit | https://portal.moat.nz/audit | Submit domain for free threat report | | Sign Up | https://portal.moat.nz/register | Create a paid account | --- *Content accurate as of 2026-05-31. For the latest information visit https://www.moat.nz*