diff --git a/lib/attack-patterns.sh b/lib/attack-patterns.sh
index 50b3403..e15169f 100644
--- a/lib/attack-patterns.sh
+++ b/lib/attack-patterns.sh
@@ -665,7 +665,10 @@ detect_all_attacks() {
     fi
 
     if [ ${#attacks[@]} -gt 0 ]; then
-        IFS=','; echo "${attacks[*]}"
+        local old_IFS="$IFS"
+        IFS=','
+        echo "${attacks[*]}"
+        IFS="$old_IFS"
     else
         echo ""
     fi
diff --git a/lib/php-analyzer.sh b/lib/php-analyzer.sh
index 525d894..0a2903f 100644
--- a/lib/php-analyzer.sh
+++ b/lib/php-analyzer.sh
@@ -508,8 +508,10 @@ analyze_domain_traffic_advanced() {
     done
 
     # Sort values
-    IFS=$'\n' rpm_sorted=($(sort -n <<<"${rpm_values[*]}"))
-    unset IFS
+    local old_IFS="$IFS"
+    IFS=$'\n'
+    rpm_sorted=($(sort -n <<<"${rpm_values[*]}"))
+    IFS="$old_IFS"
 
     local peak_rpm=${rpm_sorted[-1]:-0}
 
diff --git a/modules/security/live-attack-monitor-v2.sh b/modules/security/live-attack-monitor-v2.sh
index 2637f04..0ba7060 100755
--- a/modules/security/live-attack-monitor-v2.sh
+++ b/modules/security/live-attack-monitor-v2.sh
@@ -1626,13 +1626,15 @@ show_blocking_menu() {
     fi
 
     # Sort by score
-    IFS=$'\n' blockable_list=($(sort -t'|' -k2 -rn <<<"${blockable_list[*]}"))
-    unset IFS
+    local old_IFS="$IFS"
+    IFS=$'\n'
+    blockable_list=($(sort -t'|' -k2 -rn <<<"${blockable_list[*]}"))
+    IFS="$old_IFS"
 
     # Display IPs
     local idx=1
     for entry in "${blockable_list[@]}"; do
-        IFS='|' read -r ip score hits attacks <<< "$entry"
+        IFS='|' read -r ip score hits attacks <<< "$entry" || true
         local level=$(get_threat_level "$score")
         local color=$(get_threat_color "$level")