diff --git a/modules/security/live-attack-monitor-v2.sh b/modules/security/live-attack-monitor-v2.sh
index f190767..5b94355 100755
--- a/modules/security/live-attack-monitor-v2.sh
+++ b/modules/security/live-attack-monitor-v2.sh
@@ -1802,7 +1802,15 @@ apply_synflood_fix() {
 echo "Enabling SYNFLOOD protection..."
 # Backup config
- cp /etc/csf/csf.conf /etc/csf/csf.conf.bak.$(date +%Y%m%d_%H%M%S)
+ # CRITICAL FIX: Check if backup succeeds before modifying
+ # Bug: If cp fails (no write permission), script continues anyway
+ # Result: Original file modified without backup - data loss if something goes wrong
+ local backup_file="/etc/csf/csf.conf.bak.$(date +%Y%m%d_%H%M%S)"
+ if ! cp /etc/csf/csf.conf "$backup_file" 2>/dev/null; then
+ echo "ERROR: Failed to backup /etc/csf/csf.conf to $backup_file"
+ echo "Aborting SYNFLOOD configuration to prevent data loss"
+ return 1
+ fi
 # Enable SYNFLOOD
 sed -i 's/^SYNFLOOD\s*=.*/SYNFLOOD = "1"/' /etc/csf/csf.conf
@@ -1850,7 +1858,15 @@ apply_ssh_hardening() {
 echo "Lowering threshold to 3 failed attempts..."
 # Backup config
- cp /etc/csf/csf.conf /etc/csf/csf.conf.bak.$(date +%Y%m%d_%H%M%S)
+ # CRITICAL FIX: Check if backup succeeds before modifying
+ # Bug: If cp fails (no write permission), script continues anyway
+ # Result: Original file modified without backup - data loss if something goes wrong
+ local backup_file="/etc/csf/csf.conf.bak.$(date +%Y%m%d_%H%M%S)"
+ if ! cp /etc/csf/csf.conf "$backup_file" 2>/dev/null; then
+ echo "ERROR: Failed to backup /etc/csf/csf.conf to $backup_file"
+ echo "Aborting SSH hardening configuration to prevent data loss"
+ return 1
+ fi
 # Update LF_SSHD
 sed -i 's/^LF_SSHD\s*=.*/LF_SSHD = "3"/' /etc/csf/csf.conf
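Review bot: The new guard in apply_synflood_fix discards cp's own diagnostic with `2>/dev/null`, so the operator learns that the backup failed but not why (permission denied, full disk, missing source), and both ERROR lines go to stdout where they mix with normal progress output. Drop the redirect and report on stderr: `if ! cp /etc/csf/csf.conf "$backup_file"; then` and `echo "ERROR: Failed to backup /etc/csf/csf.conf to $backup_file" >&2`. The same applies to the identical block in the apply_ssh_hardening hunk. The three "CRITICAL FIX / Bug / Result" comment lines narrate the old defect and belong in the commit message; one line such as `# Abort if the backup cannot be written, so csf.conf is never edited without a restore point` states the rule the code enforces. Both function bodies continue outside the hunks.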
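Review bot: The nine lines added to apply_ssh_hardening are a copy of the block added to apply_synflood_fix, differing only in the label used in the abort message; a shared helper would keep the backup-before-edit rule in one place, so a later change to it cannot be applied to one function and missed in the other. The helper below also declares `backup_file` separately from its assignment, so `local` does not mask the exit status of the command substitution. apply_ssh_hardening starts and ends outside the hunk, so the call site is shown only as an excerpt.

```shell
# Copy csf.conf to a timestamped backup before it is edited in place.
# $1: label of the change being applied, used in the abort message.
# Returns 1 if the copy fails, so the caller can stop before sed -i runs.
backup_csf_conf() {
    local label=$1
    local backup_file
    backup_file="/etc/csf/csf.conf.bak.$(date +%Y%m%d_%H%M%S)"
    if ! cp /etc/csf/csf.conf "$backup_file" 2>/dev/null; then
        echo "ERROR: Failed to backup /etc/csf/csf.conf to $backup_file"
        echo "Aborting $label configuration to prevent data loss"
        return 1
    fi
}

    # in apply_ssh_hardening, replacing the inline backup block:
    # Backup config
    backup_csf_conf "SSH hardening" || return 1
    # … unchanged: LF_SSHD sed edit …
```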