To protect yourself from hacks you have to know how they work.
There are a few ways for the 1hit hack.
The most common are switching 2h to 1h sword on knight, the bufferunderflow bug with buffs and also a bug where you can increase your stats instead of decreasing. To fix the switch bug, you just have to intercept the attack function and check for the last hit or you can just add a cooldown to equipment switching. for the buff bug, intercept the buff itself or the stat-adding-function and check if the new value is < 0 or higher than, lets say 1,5k(or whatever you want, thats just stats, not the final damage).
You can't just fix a bot. Autopick is a part of a bot or a automated function.. This requires either more clientside protection or you have to analyze patterns which the bot makes.. you can add client/serversides checks for that... there are easy ways for beginners and some more advanced methods. but to stop 95% of the script kiddys, the beginner stuff should be enough.
the kal community is toxic and everyone wants to keep their stuff to themselves, be it server files, addons or hacks.
So, if you code your own anti-hackshield, you'll be able to stop most of the hackers, just don't make enemies with other server-owner cause they will pay coders to duck up your server.
Most hacks can be "fixed" by simply intercepting the send/recv function client/serverside and adding a cooldown or just a check..
First things to do:
1.Intercept the send/recv function serverside and clienside.
2.Add some kind of encryption, welcome packet, clientside checks for common hacks like multiclient or some kind of heartbeat, check for intercepted send calls, check for the address where the send function came from either server or clientside.
