The invention discloses a method, device and system for preventing services from being attacked, which belong to the technical field of information security. The method comprises the following steps: receiving a service request sent by a client, and issuing verification information to the client, wherein the verification information at least comprises plaintexts generated randomly and user identifications encrypted by private keys; receiving a signature which is returned by the client and encrypted by a public key for verification information; and verifying the legality of the client according to the signature returned by the client, if passing the verification, continuing to serve the client, otherwise, determining that the client is an illegal client, and discarding a data packet sent by the illegal client. The method, device and system disclosed by the invention have the advantages that because the client is subjected to legality verification before being provided with services, no excessive spending is added in the process of verification, and the secret key interaction between a server and a client is not required, the risk vulnerabilities existing in secret key interaction can be avoided, and then the effect of preventing services from being attacked can be achieved.