An anti-cracking method and system for a cloud host, as well as a terminal device are provided according to the disclosure. The method includes: obtaining system logs of the cloud host; determining an IP which fails to log in the cloud host according to the system logs as a suspicious IP; tracking and determining the suspicious IP to be an attacker IP according to the number of times of consecutive login failure of the suspicious IP; and adding a first blocking rule to firewall settings of the cloud host; wherein the first blocking rule instructs to block a login operation of the attacker IP during a first preset blocking time. With the anti-cracking method for a cloud host of the disclosure, the brute-force cracking can be prevented proactively in a timely manner with only very few system resources occupied.