diff --git a/modules/security/live-attack-monitor.sh b/modules/security/live-attack-monitor.sh
index 8e80ad8..e63e0f0 100755
--- a/modules/security/live-attack-monitor.sh
+++ b/modules/security/live-attack-monitor.sh
@@ -703,6 +703,12 @@ block_ip_temporary() {
     local reason="${3:-Auto-block by live monitor}"
     local seconds=$((hours * 3600))
 
+    # Validate IP format before blocking
+    if ! is_valid_ip "$ip"; then
+        echo "✗ Error: Invalid IP format: $ip"
+        return 1
+    fi
+
     if command -v csf &>/dev/null; then
         echo "Blocking $ip for ${hours}h: $reason"
         csf -td "$ip" "$seconds" "$reason" >/dev/null 2>&1
@@ -767,6 +773,12 @@ block_ip_permanent() {
     local ip="$1"
     local reason="${2:-Permanent block by live monitor}"
 
+    # Validate IP format before blocking
+    if ! is_valid_ip "$ip"; then
+        echo "✗ Error: Invalid IP format: $ip"
+        return 1
+    fi
+
     if command -v csf &>/dev/null; then
         echo "Permanently blocking $ip: $reason"
         csf -d "$ip" "$reason" >/dev/null 2>&1