I found a false positive incident case. Its on wordpress having all-in-one-seo-pack installed, with extra memory settled from plugin inteface. After incident caused - user cant access website. But the case is, that plugin was set so.

Jan 31 18:01:33 mano suhosin[140600]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker 213.197.xxx.xxx, file /home/xxx/public_html/wp-content/plugins/all-in-one-seo-pack/all_in_one_seo_pack.php, line 188)