diff --git a/modules/security/live-attack-monitor-v2.sh b/modules/security/live-attack-monitor-v2.sh
index b524602..5dc83b8 100755
--- a/modules/security/live-attack-monitor-v2.sh
+++ b/modules/security/live-attack-monitor-v2.sh
@@ -1172,7 +1172,8 @@ verify_ip_blocked() {
 
     # Check CSF temporary blocks
     if command -v csf &>/dev/null; then
-        if csf -t 2>/dev/null | grep -q "$ip"; then
+        # CRITICAL FIX: Use -w flag for word boundary matching
+        if csf -t 2>/dev/null | grep -q -w "$ip"; then
             return 0
         fi
 
@@ -1186,7 +1187,8 @@ verify_ip_blocked() {
 
     # Check iptables directly
     if command -v iptables &>/dev/null; then
-        if iptables -L INPUT -n 2>/dev/null | grep -q "$ip"; then
+        # CRITICAL FIX: Use -w flag for word boundary matching
+        if iptables -L INPUT -n 2>/dev/null | grep -q -w "$ip"; then
             return 0
         fi
     fi