I had exactly the same thing happen to me. My students were suddenly being un-enroled one by one ! The students suddenly started getting the message "You cannot enrol yourself in this course" when they tried to enter the course. I also found the "user delete" entries in the course log from an IP address of 0.0.0.0. I too thought it was from Africa (Nigeria) because that is where Google maps it.
It turns out that it was not hackers, rather, I had an Enrolment Period set for 30 days for those courses.
The default enrolment duration for manual enrolment can be set in Settings > Course administration > Users > Enrolment methods > Manual enrolment. It can be amended from the default value when enrolling users manually in Settings > Course administration > Users > Enrolled users.
The enrolment duration for self enrolment can be set in Settings > Course administration > Users > Enrolment methods > Self enrolment.
Click on Enrolment duration (be sure to uncheck the box).
You can select how long the enrolment period lasts. After this time, if a user tries to access the course they just get a message saying "You cannot enrol yourself on this course" .
Fortunately, Moodle keeps the records of the students and you can re-enrol them. When a user is unenrolled, their grades and other records are not deleted. If a user is unenrolled accidentally, their grades can be restored by going to Settings > Course administration > Users > Enrolled users, clicking 'Enrol users' and making sure that the 'Recover user's old grades if possible' checkbox is ticked in the enrolment options before re-enrolling the user.