In service access systems, a user terminal sends an access request to a web server and the web server provides the appropriate service to the user terminal based on the request. To increase service access security and to avoid malicious access or attacks by a user terminal, the web server needs to determine whether the user terminal is a malicious access terminal and if so, intercept the malicious access request sent by the user terminal. Typically, in determining whether to intercept transmitted information, a web server analyzes the IP addresses of the transmission (e.g., in the form of network layer information or HTTP requests) sent by user terminals. This analysis includes keeping track of the access frequency for each received IP address and determining whether the corresponding user terminal is a malicious access terminal based on this information. If the sending user terminal is determined to be a malicious access terminal, then the web server may proceed to intercept subsequent access requests from the identified user terminal. However, in these typical methods, the web server not only needs to perform normal processing of user terminal service requests, but also has to perform real-time analysis of user terminal network layer information or HTTP requests. This approach lowers the web server's service response speed and disadvantageously reduces the web server's efficiency.