diff --git a/modules/security/live-attack-monitor-v2.sh b/modules/security/live-attack-monitor-v2.sh
index cbc0188..54dd95c 100755
--- a/modules/security/live-attack-monitor-v2.sh
+++ b/modules/security/live-attack-monitor-v2.sh
@@ -1949,6 +1949,8 @@ monitor_apache_logs() {
 if [[ "$et_attack_types" =~ (RCE|WEBSHELL|ECOMMERCE_EXPLOIT) ]]; then
 # These are ALWAYS critical - block immediately regardless of score
 echo "[CRITICAL] INSTANT_BLOCK_RCE | $ip | Score:$et_attack_score | Attacks:$et_attack_types" >> "$TEMP_DIR/recent_events"
+ # BUG FIX: Increment block counter for RCE blocks
+ increment_block_counter 1
 if type quick_block_ip &>/dev/null; then
 quick_block_ip "$ip" "CRITICAL_RCE: $et_attack_types" &
 fi
@@ -2229,6 +2231,8 @@ monitor_firewall_blocks() {
 # Log firewall block
 local time_str=$(date +"%H:%M:%S")
 echo -e "${LOW_COLOR}[${time_str}] $ip | FIREWALL_BLOCK | Blocked by firewall${NC}" >> "$TEMP_DIR/recent_events"
+ # BUG FIX: Increment block counter when block is detected
+ increment_block_counter 1
 fi
 fi
 done &
@@ -2294,6 +2298,8 @@ monitor_cphulk_blocks() {
 local color=$(get_threat_color "$level")
 echo -e "${color}[${time_str}] $ip | Score:$score [$level] | 🔐CPHULK_BLOCK | Blocked by cPHulk${NC}" >> "$TEMP_DIR/recent_events"
+ # BUG FIX: Increment block counter for cPHulk blocks
+ increment_block_counter 1
 fi
 done
 sleep 10 # Poll every 10 seconds
@@ -2519,6 +2525,8 @@ monitor_network_attacks() {
 ) &
 local time_str=$(date +"%H:%M:%S")
 echo -e "${CRITICAL_COLOR}[${time_str}] SUBNET_BLOCK | $subnet_cidr | IPs:${subnet_ip_count} | Severity:${attack_severity}${NC}" >> "$TEMP_DIR/recent_events"
+ # BUG FIX: Increment block counter when subnet block is detected
+ increment_block_counter 1
 fi
 fi
 done
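Review bot: In monitor_apache_logs the new `increment_block_counter 1` runs before the `if type quick_block_ip &>/dev/null` check, so the counter grows even when quick_block_ip is not defined and no block is attempted, and it cannot reflect the outcome of a block that is forked with `&`. Move the call inside that branch, e.g. `if type quick_block_ip &>/dev/null; then` / `increment_block_counter 1` / `quick_block_ip "$ip" "CRITICAL_RCE: $et_attack_types" &`, or have quick_block_ip increment on success so the count matches actual enforcement. The same ordering problem applies to the SUBNET_BLOCK hunk in monitor_network_attacks, where the block runs in a backgrounded `( … ) &` subshell, and to the second detect_distributed_attacks hunk, where `ipset add … -exist 2>/dev/null` discards its status; there `if ipset add "$IPSET_NAME" "$subnet_cidr" -exist 2>/dev/null; then` would let both the BLOCKED log line and the increment depend on the add succeeding. All of these loops run as background processes (`done &`, `( … ) &`), so unless increment_block_counter persists the count through a locked file rather than a shell variable — its body is outside this diff — increments from these children are lost or race with each other, which is worth confirming. The enclosing functions start and end outside the hunk.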
@@ -3306,6 +3314,8 @@ detect_distributed_attacks() {
 if [ ${#batch_ips[@]} -gt 0 ]; then
 batch_block_ips "${batch_ips[@]}"
 echo -e "${CRITICAL_COLOR}[${time_str}] DISTRIBUTED_ATTACK | ${attack_type} from ${unique_ips} IPs | BLOCKED ALL${NC}" >> "$TEMP_DIR/recent_events"
+ # BUG FIX: Increment block counter for distributed attacks
+ increment_block_counter 1
 fi
 # Check for subnet-level coordination (25+ IPs from same /24)
@@ -3330,6 +3340,8 @@ detect_distributed_attacks() {
 if [ "$IPSET_AVAILABLE" -eq 1 ]; then
 ipset add "$IPSET_NAME" "$subnet_cidr" -exist 2>/dev/null
 echo -e "${CRITICAL_COLOR}[${time_str}] SUBNET_BLOCK | $subnet_cidr | ${attack_type} from ${subnet_ip_count} IPs | BLOCKED${NC}" >> "$TEMP_DIR/recent_events"
+ # BUG FIX: Increment block counter for subnet blocks
+ increment_block_counter 1
 fi
 fi
 fi
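Review bot: In the first detect_distributed_attacks hunk `increment_block_counter 1` undercounts: `batch_block_ips "${batch_ips[@]}"` has just blocked every address in the batch and the log line says BLOCKED ALL, yet the counter moves by one. Assuming the argument is the increment amount (every call site in this diff passes 1), pass the batch size instead, `increment_block_counter "${#batch_ips[@]}"`, and since the exit status of batch_block_ips is not checked here, consider `if batch_block_ips "${batch_ips[@]}"; then` so a failed batch is neither logged as blocked nor counted. The enclosing function starts and ends outside the hunk.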