serious help needed

Posted: Fri Jun 05, 2009 4:54 pm
by CAsercan3
Hello
could you please... HELP!!!
There's a freakin hacker who has hacked my IRC network! He abuses bugs in the ircd to get full access, and he uses my and my opers' oper blocks to oper up. He has software that lets him use proxies from all over the world.
I did /os noop to protect my net,
but he opered up after that, what the fuck.
What should I do? I'm really thinking of getting another ircd right now :/

Re: serious help needed

Posted: Sat Jun 06, 2009 2:22 pm
by katsklaw
Well, the first thing you can do is stop using *@* as addresses in your oper blocks. If you use a restrictive host instead, it's harder to gain access using O:Lines. Then you should also change all opers' passwords and ENCRYPT them ... like right now!

You might find that the attacker only has oper passwords in which case it'll stop them. If it continues, then more drastic steps need to be taken. If it truly fixed the problem, chalk it up as a lesson learned in ircd security.

Re: serious help needed

Posted: Sat Jun 06, 2009 7:11 pm
by Stealth
There are no "bugs" in Unreal which may cause this, and if there are there has not been a programmer yet who has seen anything in the authentication code suggesting an exploit.

To help solve this, please provide the following:
  • Nick/ident/host/realname of the person doing this.
  • Oper block details (userhost, auth-type, other block settings) of the oper login being used.
  • Were there any failed attempts before the "hacker" got oper?
  • Did anyone in the past have access to the conf that does not now?
  • Are you sure your opers or other people with access to the conf have not shared any information?
  • Are oper connections SSL?
  • Is there any debug/connection data available? (such as a tcpdump/wireshark capture)
  • Do your opers use scripts that process any code when opering? For mIRC, what is the output of "//echo -s $isalias(oper)" (without quotes, both /s) for the opers with "hacked" logins?
  • Are the opers with the "hacked" logins using a script that processes mIRC debug information? "//echo -s $debug"
  • Do you have any 3rd party modules loaded, and which ones?

Re: serious help needed

Posted: Sat Jun 06, 2009 7:24 pm
by Stealth
The following is a list of suggested oper block settings to help prevent things like this from happening:
  • Never use userhost *@*. Always put in proper settings for hosts your oper may be using.
  • Never use plain-text passwords, use /mkpasswd to generate a password hash and specify that in the oper block instead. (or you can use SSL certificates for authentication)
  • Require that your opers use SSL to oper up. Using SSL will stop people from sniffing out passwords.
  • Set oper::maxlogins to 1 or 2.
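As an added illustration of the settings in this list (not Stealth's text and not UnrealIRCd's shipped example config), here is a weak oper block next to a hardened one in UnrealIRCd 3.2-style syntax. The oper name, hosts and hash value are constructed placeholders; `require-modes` is assumed to be available in your release, since older 3.2 builds did not have it.

```conf
/* WEAK (constructed example): anyone, from any host, who learns the
   plain-text password can /OPER as alice from any number of sessions. */
oper alice {
	class clients;
	from {
		userhost *@*;               /* matches every connecting user */
	};
	password "plaintextpass";      /* readable by anyone who sees the conf */
	flags {
		netadmin;
	};
};

/* HARDENED: restrict the source, store a hash, require SSL, cap logins. */
oper alice {
	class clients;
	from {
		userhost alice@*.home-isp.example;   /* placeholder: her real host mask */
		userhost alice@198.51.100.7;         /* placeholder: a fixed shell box */
	};
	/* Value produced by "/mkpasswd md5 <password>"; this is a placeholder,
	   not a real hash. Alternatively, with an SSL client certificate:
	   password "<cert fingerprint>" { sslclientcertfp; };  (version dependent) */
	password "$1$PLACEHOLDER$HASHFROMMKPASSWD" { md5; };
	flags {
		netadmin;
	};
	/* Assumption: usermode +z marks an SSL client, so this refuses /OPER
	   over plain-text connections where sniffing the password is possible. */
	require-modes z;
	maxlogins 1;                   /* oper::maxlogins, as recommended above */
};
```

After editing, /REHASH and confirm the old block no longer works by trying /OPER from a non-matching host; a successful login from *@* means the weak block is still loaded somewhere.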

Re: serious help needed

Posted: Sat Jul 18, 2009 11:05 am
by almirdj
CAsercan3 wrote: Hello
could you please... HELP!!!
There's a freakin hacker who has hacked my IRC network! He abuses bugs in the ircd to get full access, and he uses my and my opers' oper blocks to oper up. He has software that lets him use proxies from all over the world.
I did /os noop to protect my net,
but he opered up after that, what the fuck.
What should I do? I'm really thinking of getting another ircd right now :/
Well, they already told you what to do, but you could check via which oper id he opers and then change the password of that id; probably he just guessed the password and that's it. Also, for proxies you can use OPSB with NeoStats and BOPM. But if he knows the passwords of all your opers, there is a big chance that he has SSH to your shell; change your shell password ;) and everything should be ok.

Changing ircd? Huh, that's lame.

Posted: Mon Jul 27, 2009 8:07 am
by Abuser
UnrealIRCd is a good ircd. It's fully featured but still quite secure and stable. Replacing it is probably a stupid idea. Here is why:

From my own experience (which does include inflicting some headaches on lame but arrogant ircops... :mrgreen: :oops:) I can tell the following:

I was not able to cause serious trouble to UnrealIRCd itself, at least in its basic default configuration. At the very most, I can cause some annoyances or minor problems. Or I can cause major problems in some cases, but it's not Unreal's fault; usually these are configuration or administrative faults and/or problems in the ircd-to-services interaction, etc., which can exist with any ircd and services and are a matter of poor configuration or compatibility. I believe that UnrealIRCd itself is quite secure and can't be guilty of such intrusions on its own - it has proven to survive in quite hostile networks under frequent attempts to hack it. When it is configured properly, runs on secured machines, all software is kept up to date and the whole IRC network is managed properly, everything should be fine. But it sometimes takes several hard lessons to learn before you'll have a secure configuration. That's actually not the ircd's fault, and you may have this experience with any ircd or services (or whatever else dealing with networks, ha-ha). These are human faults in managing security-sensitive things. Nothing more, nothing less.

Some things to consider:
1) Check all machines for intrusions! All ircds + services (if any). Someone may have gained access to one or more machines running ircds or even services. In IRC, all servers are "trusted" to some degree. And actually, even one compromised server can potentially cause great harm to the whole network (potentially, nothing prevents the hacker from sending server commands, changing configs, abusing oper lines, adding new oper lines, issuing g-lines, etc.). So if someone hacked at least one machine, he may gain a good amount of rights and have enough power to hack virtually the whole network. And the only way to prevent this is to close the hacker's access to the hacked machine and re-configure the hacked ircd. Note: a hacked machine could contain things which are hard to notice and remove, like backdoors, rootkits, etc., so the hacker can re-gain access. If you're not familiar enough with IT security and how to fix the consequences of an intrusion in a reliable way, you may need to seek help from a security expert. Otherwise the hacker could be smarter than you and you will have problems eliminating his presence on your machine(s). So the same issue can happen again sooner or later.
2) Never link untrusted servers to your IRC network. Really! If you do not trust the server administrator, have reasons to doubt the administrator is able to secure his machine with the ircd properly, suspect that the administrator can abuse his rights, etc. - you MUST deny linking! This is a very good way to get your network completely messed up, and you really do not want to learn this lesson.
2.1) Check that no extra unwanted servers were added... normally this should not happen. But who knows what exactly has happened?
3) Make sure that ircops are not adding extra persons as ircops. These extra persons can be real bastards sometimes. Sometimes you may need to use very hard countermeasures, including juping server(s) with stupid, hostile or incompetent ircops and administrators, etc.
4) Ensure that all ircops and admins understand security well. Even a single idiot can cause a decent amount of trouble. For example, some stupid ircop may have his oper password sent automatically to the server, and there could be a lack of server address checks. So by tricking such an ircop into logging in to the hacker's server it is possible to obtain his oper password (which can also be the password for something else if the person is a real idiot). You really should only have trustworthy people who understand computer security as ircops. Otherwise you're doomed to have headaches.
4.1) Remember to kick out all idiots who're running bugged software (like outdated web forums, blogs, CMSes, etc.) on the same machine the ircd runs on and do not bother updating their OS and software with all security fixes in a timely manner (this is especially true if you're having Windows machines, but *nix users should not relax either :wink:).
5) Check your services configuration, etc. Especially services administrators, etc.
6) Btw, one hint: non-English nicknames (and sometimes even text) are generally a bad idea. A real minefield. The problem is that IRC services, the ircd and clients are separate pieces of software. So they do not necessarily understand the same byte sequence in exactly the same way. This sometimes can be abused with very different consequences, from minor annoyances up to complete IRC network takeovers. At least make sure all servers and services are running with the same encoding settings (the allowed symbol sets should be exactly identical on the ircd and services, and this is far more important than you can imagine).

Note: services must (and will try to) prevent certain kinds of abuse if configured properly. However, in the real world there are some ways to bypass services security, so you should not rely on this too much and still must only link secure servers with trustworthy admins and ircops. Furthermore, services themselves could be compromised as well, granting the hacker even more power and comfort for abuses and annoyances.

So what? Managing complex structures like a whole IRC network is a challenging task, which requires some special skills and a working brain. Failure to do so may lead other persons to have fun hacking your network. Regardless of the ircds and services used, security is not a thing you may just have by doing nothing. You have to maintain all parts of the network in a secure state. That's a hard task, but that's how it works.

How can you stop attacks?
1) Check what exactly has been hacked. Try to detect whether the hacker managed to hack just a single ircd, several ircds, or even, let's say, services, some ircop's account or whatever else. You can try to jupe suspicious server(s) (which is/are suspected to be compromised) or remove suspicious ircop/services admin accounts on services (if applicable). You may need to read a lot of logs, etc. and think a lot here. You have to locate the source of the trouble and understand how and why the hacker gains unauthorised access.
2) You should fix the problem and ensure that it no longer occurs. This is often a task for security experts. However, they're not gods and you can try to act like one of them as well (this may fail the first few times, but you will figure out how to act properly if you keep trying). All you need is a working brain and to think a bit differently than usual. Something like "what would I do if I wanted to hack this network?". So you have to find how the hacker breaks in and locate the security flaw allowing this. Then you have to correct it to prevent the hacker's access in future. Warning: some hackers can erase all data when they detect they're discovered, etc. Plan your actions carefully and then quickly eliminate the hacker's presence and fix the security hole at the same time, so the hacker will not have a chance for "revenge" (sometimes hackers erase all files just to erase logs of malicious activity and make it harder to track them and analyse the attack they used to break in).
3) Analyse losses and take steps against them. Evaluate which information has been available to the hackers. Which passwords have potentially become known, o-line IPs, host IPs, etc. Then, you may have to re-adjust such settings. Change passwords, remove untrusted accounts, tighten o-lines by restricting them to specific hosts, etc. Doing so only makes sense AFTER the security hole is eliminated, so the hacker can't re-appear and learn the new settings or change them.
4) Learn the lessons and draw conclusions about what to do to prevent such issues in future.

As a minor hint, you may want to hide some critical parts of the network (services, critical hubs, etc.) under "fake" host names where DNS does not point to the proper IPs, so their IP addresses remain unknown to the hacker. This will make the hacker's life somewhat harder, since the most valuable attack targets are harder to find and hackers have to resort to less valuable targets, at least initially.