What you’re asking for is extremely hard. If possible, getting the user to specify the encoding is the best. Preventing an attack shouldn’t be much easier or harder that way.
However, you could try doing this:
iconv(mb_detect_encoding($text, mb_detect_order(), true), "UTF-8", $text);
Setting it to strict might help you get a better result.