I see only one alternative - it's make server-side security by delays for each feature:
item usage (potions/gears) & switching delays
Skill usage hard delays depens on the animation & aspd & other parameters.
Packet Encryption to protect against simple Bots like openkore.
Server side protection by delays & etc, it's 80% against all cheats. The main sense it's make cheat software unusable.
Client side is very hard to protect, and that is very dangerous and take a lot of time & money.
Protection for client must be next:
unique algorythm to check current version, size, signatures of the game .exe; Default hash-cheking feature can be bypassed by simple re-sending packet what contain inself a information about hash of the client. That mean, you can protect your .exe against any injections, but someone will make the same clear .exe and will make hash-sums spoofing (fake sending packet from 3rd party application about "real" .exe), and he will use clear .exe + will send to the server hash-sums of the original exe and he will use any cheat software what he want to use. That is very sad. (i know many exaples of that)
Rewrite WinApi Hooks to make system-calls to the worked process (application) not real, or to ignore our application. But it's takes a lot of money & time & admin skill. So that mean it's very hard to realease + that is very unstable, because this emulation can be bypassed by disabling or freezing extra dll for exe what contain this functions, or some antivirus or another application will be always give a crash for Ragnarok .exe;
Write or apply (i already saw many ways (with sources) windows driver with official signature from Windows to make imposible to unload this driver from system when process is running + some self-protection functions & checks to check is security dll/exe are work or nope, freezed or nope, hided or nope, etc. But this method is very bad, because many people on this planet using pirate software (around 90% in the world), and each operation system from Windows Family have different configurations, pre-installed software, etc. So there is a big risk to get system unusable.
GRF Encryption - that can any GM, it's free and easy to make for each server.
This is not full information, just a very small part, but the main sense of my message: need to make a server-side protection on the delay part to make unusable any spamming & in game world hacking.
* dump ragexe Client create new one from scratch