Are Hacked Clients Detectable?

'''The big question here is: Can a server auto-ban you at when you log in when you use any type of mod? The direct answer is: NO,''' but there are many exceptions. Read on, please.

They can detect versions and kick people that use the wrong version. Can't they detect non-vanilla clients?
Truth is, they can't. They can only tell if the client will be compatible with the server or not, because the "protocol version" is compared when joining a server. This means that all clients on 1.8.x can join any server on 1.8.x. You can actually fake this if you want, but obviously it would result in some issues.

It is not possible in a vanilla client to "scan a user's files", but there has been an exploit in older versions of Minecraft, before 1.9, to check if a certain file exists on a user's computer (https://github.com/Sk1erLLC/Resource-Exploit-Fix).

However, note that this exploit does not allow a server to read the contents of the file, nor does it ensure that the user is using cheats (it just means they have it installed).

They disabled my radar in Rei's minimap!!!
Rei's minimap sends information about itself to the server. Then they provide the option for the server to disable it. A spigot plugin sends a MOTD to it, and the radar is off (it's usually a string of color codes, so you may see blank lines when you join a server). This goes for some other mods too. However, its extremely easy for someone to "edit" the mod so this doesn't happen. Some mod authors do not want their mods to be used as hacking, so they let the server disable it with plugins, even though it is bypassed easily.

If they can force Spigot clients (e.g. Spoutcraft), they can force vanilla clients.
No. '''Spigot clients are special because they tell the server saying that they are Spigot. If a hacked client author does the same, they can do this too.''' Vanilla clients do not have the ability to send their mods to the server unless the mod specifically says so. So therefore, you cannot ban everyone with a non-vanilla client.

I turned on XRay and the ores are showing everywhere! Can they find out about client-side render mods?
No. It is not possible for someone to detect client side mods when you aren't being suspicious. But they can, however, show you false information about the world. Anti-XRay, for example, tells you that there are ores everywhere until the block is exposed to air. Anti-ESP hides entities you normally wouldn't see. While these do seem to "detect" XRay/ESP, it only limits it. For a better "bypass" for xray, check if the ore is exposed to air before rendering it.

They can detect Forge mods?
A lot of hacked clients nowadays are runnable as Forge mods. This is risky, as Forge sends a list of your mods to the server, along with the fact that you are using Forge. To bypass this, you may either spoof your mod name or find a hacked client that stops the list from being sent (e.g. LiquidBounce).

Fabric Mods
Currently, it is possible to detect if a user is using Fabric, but not what mods the user has installed. This has led to some occurrences where Fabric users would automatically be presumed to be hacking, but this is again bypassable.

Special Exploits
Sometimes, there may be a bug in a hacked client that allows it to be detected (https://medium.com/@th0rgal/how-to-detect-the-undetectable-hacked-client-aristois-ad14562e357e). This is very rare and can be fixed easily, so you will not see this often.

Client-Side Anticheats
Client-side anticheats are the only way to block non-vanilla mods. However, it is such a pain that large servers would not use it. A user could also decompile the exe that checks your mods, which is why it is impractical to use for very big servers.