diff --git a/modules/security/live-attack-monitor.sh b/modules/security/live-attack-monitor.sh
index 55653bf..9e3a7a1 100755
--- a/modules/security/live-attack-monitor.sh
+++ b/modules/security/live-attack-monitor.sh
@@ -774,8 +774,16 @@ monitor_ssh_attacks() {
 fi
 fi
- # Calculate new score
- score=$(calculate_attack_score "$attacks")
+ # Progressive scoring for bruteforce: Each attempt adds points
+ # First attempt: 10 pts, subsequent attempts: +8 pts each
+ if [ $hits -eq 1 ]; then
+ score=10
+ else
+ score=$((score + 8))
+ fi
+
+ # Cap at 100
+ [ $score -gt 100 ] && score=100
 # Update IP_DATA
 IP_DATA[$ip]="$score|$hits|$bot_type|$attacks|$ban_count|$rep_score"
@@ -1070,7 +1078,14 @@ monitor_email_attacks() {
 [ -z "$attacks" ] && attacks="BRUTEFORCE" || attacks="${attacks},BRUTEFORCE"
 fi
- score=$(calculate_attack_score "$attacks")
+ # Progressive scoring: Each email bruteforce attempt adds points
+ if [ $hits -eq 1 ]; then
+ score=10
+ else
+ score=$((score + 8))
+ fi
+ [ $score -gt 100 ] && score=100
+
 IP_DATA[$ip]="$score|$hits|$bot_type|$attacks|$ban_count|$rep_score"
 # Log to reputation DB
@@ -1121,7 +1136,14 @@ monitor_ftp_attacks() {
 [ -z "$attacks" ] && attacks="BRUTEFORCE" || attacks="${attacks},BRUTEFORCE"
 fi
- score=$(calculate_attack_score "$attacks")
+ # Progressive scoring: Each FTP bruteforce attempt adds points
+ if [ $hits -eq 1 ]; then
+ score=10
+ else
+ score=$((score + 8))
+ fi
+ [ $score -gt 100 ] && score=100
+
 IP_DATA[$ip]="$score|$hits|$bot_type|$attacks|$ban_count|$rep_score"
 # Log to reputation DB
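Review bot: The `if [ $hits -eq 1 ]; then score=10` branch in monitor_ssh_attacks assigns rather than adds, so whatever `score` already holds for this IP when `hits` is 1 is discarded, while the `else` branch (and the monitor_database_attacks hunk below) accumulates onto the existing value; if `score` can be pre-seeded for a first-seen IP — for example from the reputation fields, which is not visible in this diff — the first SSH hit silently drops that contribution. Making both branches additive keeps the intended 10/+8 ladder when `score` starts at 0 and cannot clobber a pre-seeded value: `score=$(( score + (hits == 1 ? 10 : 8) ))`. The unquoted `[ $hits -eq 1 ]` also prints a `[: -eq: unary operator expected` error and falls through to the `else` branch should `hits` ever be empty, whereas `if (( hits == 1 )); then` treats an empty value as 0 without erroring. The body of monitor_ssh_attacks starts before this hunk and continues after it.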
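Review bot: The seven-line progressive-scoring block added to monitor_email_attacks is, apart from the comment text, identical to the ones added to monitor_ssh_attacks and monitor_ftp_attacks, so the 10/8/100 constants now live in three places and will drift the first time one monitor is retuned. Pull it into a single helper next to `calculate_attack_score` and call it from all three monitors as `score=$(bump_bruteforce_score "$score" "$hits")`; the helper below keeps the same values, the same reset on the first hit and the same cap. monitor_email_attacks starts before this hunk and continues after it.
```shell
# Progressive bruteforce score: 10 on the first hit, +8 per further hit, capped at 100.
# $1 = current score, $2 = hit count for this IP; prints the new score.
bump_bruteforce_score() {
  local current=${1:-0} hits=${2:-0}
  if (( hits == 1 )); then
    current=10
  else
    current=$(( current + 8 ))
  fi
  (( current > 100 )) && current=100
  printf '%s\n' "$current"
}
```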
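Review bot: With this hunk the FTP score no longer goes through `calculate_attack_score`, so the single `score` field written into IP_DATA is now fed by two different scales — the per-hit 10/+8 ladder used here and in the SSH and email monitors, and whatever `calculate_attack_score` still returns for any monitor this commit did not convert (no such path is visible in the diff, so this is an assumption to confirm). If one ban threshold is compared against that field, the same threshold now means a different number of attempts per protocol, and reputation rows written by the old code are reinterpreted under the new scale when read back; a comment above the block such as `# Bruteforce ladder 10,18,26,... — keep in step with the ban threshold and the other monitors` would make the coupling explicit. The `[ $score -gt 100 ] && score=100` cap also pins the score at 100 from the 13th hit onwards, so a persistent bruteforcer and a short burst end up indistinguishable by `score` — confirm that anything needing that distinction keys on `hits` instead. monitor_ftp_attacks starts before this hunk and continues after it.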
@@ -1168,11 +1190,20 @@ monitor_database_attacks() {
 hits=$((hits + 1))
 # Add SQL_INJECTION to attacks
+ local is_new_attack=0
 if [[ ! "$attacks" =~ SQL_INJECTION ]]; then
 [ -z "$attacks" ] && attacks="SQL_INJECTION" || attacks="${attacks},SQL_INJECTION"
+ is_new_attack=1
 fi
- score=$(calculate_attack_score "$attacks")
+ # Progressive scoring: First DB attack = 15pts, each additional = 12pts
+ if [ $is_new_attack -eq 1 ]; then
+ score=$((score + 15))
+ else
+ score=$((score + 12))
+ fi
+ [ $score -gt 100 ] && score=100
+
 IP_DATA[$ip]="$score|$hits|$bot_type|$attacks|$ban_count|$rep_score"
 # Log to reputation DB
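Review bot: Both new branches in monitor_database_attacks do arithmetic on the previous value (`score=$((score + 15))` / `score=$((score + 12))`), so unlike the bruteforce hunks there is no path that re-initialises `score`; if that value is parsed back from the IP_DATA or reputation record and the field is ever non-numeric (a corrupted or hand-edited row — whether that file is trusted is not visible here), the expansion fails and, under `set -e`, aborts the script, and a value of the form `a[$(cmd)]` is evaluated as an array subscript, i.e. the command substitution runs. Guard it before the addition: `[[ $score =~ ^[0-9]+$ ]] || score=0`. Note also that `is_new_attack` is set only when SQL_INJECTION was not already in `attacks`, which for a persisted record means once per IP, so the comment `First DB attack = 15pts` is exact only if SQL_INJECTION is the sole tag this monitor adds; `# first time SQL_INJECTION is recorded for this IP = 15pts, every further hit = 12pts` states what the code does. monitor_database_attacks starts before this hunk and continues after it.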