hi everyone please help me how i can avoid this hack ,
someone not in my active member or even cookies or in users , he can hack the hotspot page and stay ( H ) in Hosts and running the internet
look at my Screenshot images
thank you everyone

What makes you think that this is not a legitimate user?

because when i check his mac address online i can't find any info and also he's not in my useres or active members or in cookies
he just show up in Hosts with (H) mark and he can take all speed connections alone and when i remove all active members and cookies he still work good

Assuming 49:F5:C3:F2:CF:E8 is the mac address.
FORWARD CHAIN
/add action=drop chain=forward in-interface=YourHotspot_Interface log=yes src-mac-address=49:F5:C3:F2:CF:E8

By the way. Even non authorised user can open the hotspot login page, correct? So it means he can refresh this page to generate traffic, correct? And he can send any traffic to the login page! This does not mean he has access to internet. You can use Tool -> Torch to see what traffic this is, and where it's going