Hackers can fire remotes containing fake positions to gain points, how do I fix this?

It’s the same logic that those “I’m not a robot” boxes use; you’d just want to know what they were doing before the gunshot that you are checking.

If they make a sudden and very large mouse movement (say, 120 pixels in one frame) onto the target player, and then shoot, then that could be a red flag, for example. A normal player would have relatively smooth acceleration and deceleration of their mouse.

There are many ways to combat this form of hacking. Most solutions will not prevent the problem entirely, but may make a hacker’s job harder.

Server vote kick regulation

You might find it useful in implementing a server kick feature, where a server can vote to kick players that may be playing unfairly.

Real world variables

You can also add in real world variables on the server. Apply gravity, and spread to the bullet with a very small delay in between fire and impact.

Ignore bot-like precision

If that position provided hits a player, you might try to compare it with the hit object’s position. If they are within a certain bounds of similarity, then ignore the bullet. Most shots will not be on the level of precision as a bot.

Add false targets, only hittable by bots, to confuse bots

I might even look into manipulating what the bot targets. A bot will take information given by the client, so if you can forge multiple targets, a bot may try to hit these instead. So say you have 4 invisible targets 5 studs behind the player relative to the client’s position and angle. A bot might falsify a fake position because it’s chosen one of those false targets, but you as a developer know that those targets can’t be hit. A player can’t shoot a target behind another object.

Note
With all exploits and attacks, a developer should learn how the attack works to properly defend against it. These are some of the ideas I’ve had under my impression on how this attack operates, but I have not practiced it, and can’t say for certain if these will be successful counters. So definitely research the attack and how other developers have countered it.

3 Likes
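
The server-side checks suggested in the replies above (decoy targets, "a player can't shoot a target behind another object", comparing the claimed position with the hit object's position), as an added example that is not part of the original posts. It is written in Python as a stand-in for the game's server script; the function names, thresholds and the use of spheres for map geometry are all assumptions.

```python
import math

DECOY_RADIUS = 1.0   # assumed: how close a claim must be to count as a decoy hit
HIT_RADIUS = 3.0     # assumed: max gap between claimed hit and server-known target
MAX_RANGE = 300.0    # assumed: weapon range in studs

def segment_hits_sphere(a, b, center, radius):
    """True if the segment a->b passes within `radius` of `center`."""
    ab = tuple(q - p for p, q in zip(a, b))
    ac = tuple(c - p for p, c in zip(a, center))
    length_sq = sum(v * v for v in ab)
    t = 0.0
    if length_sq > 0:
        t = max(0.0, min(1.0, sum(u * v for u, v in zip(ab, ac)) / length_sq))
    closest = tuple(p + v * t for p, v in zip(a, ab))
    return math.dist(closest, center) <= radius

def validate_shot(shooter_pos, claimed_pos, target_pos, decoys, obstacles):
    """Judge a client-claimed hit using only state the server tracks itself.

    claimed_pos is untrusted; decoys are invisible targets no legitimate
    shot can reach; obstacles are (center, radius) spheres standing in
    for map geometry. Returns (accepted, reason).
    """
    if any(math.dist(claimed_pos, d) <= DECOY_RADIUS for d in decoys):
        return False, "decoy"              # strong signal: flag the sender
    if math.dist(shooter_pos, claimed_pos) > MAX_RANGE:
        return False, "out_of_range"
    if math.dist(claimed_pos, target_pos) > HIT_RADIUS:
        return False, "target_not_there"   # claim does not match server state
    if any(segment_hits_sphere(shooter_pos, claimed_pos, c, r) for c, r in obstacles):
        return False, "occluded"           # something stands in the line of fire
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample: one target, one decoy 5 studs behind it, one wall.
    shooter, target = (0.0, 5.0, 0.0), (0.0, 5.0, 50.0)
    decoys = [(0.0, 5.0, 55.0)]
    walls = [((20.0, 5.0, 25.0), 4.0)]
    for claim in [(0.5, 5.2, 50.0), (0.0, 5.0, 55.0), (100.0, 5.0, 100.0)]:
        print(claim, validate_shot(shooter, claim, target, decoys, walls))
```

Points are only awarded when `validate_shot` accepts the claim; a "decoy" result is worth logging per player, since a legitimate client never reports those positions.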