Page MenuHomePhabricator

Who Is Watching showing extraneous user output
Open, Needs TriagePublic


At we're running

Product	Version
MediaWiki	1.34.4 (e34e7f2)
12:19, 24 September 2020
PHP	7.2.33-1+0~20200807.47+debian9~1.gbpcb3068 (apache2handler)
MariaDB	10.1.45-MariaDB-0+deb9u1
ICU	65.1
Elasticsearch	6.8.12

with Who's Watching 0.13.0 (ddbb2c8) 01:23, 2 October 2019

We have these settings in LocalSettings.php

$wgPageShowWatchingUsers = true;
$whoiswatching_nametype = 'UserName';

For authentication, we're using PluggableAuth with OpenIDConnect to authenticate against an external Identity Provider. The wiki is world-readable, but all user accounts for editing are provisioned by the IDP. Thus there can be no user with a UserName of N.N.N.N in the form of an IP address.

For some reason, when viewing the "Who's Watching" output for any given page, we're seeing a common set of (repeated) IP addresses like the following:

If you try to 'remove' those watchers, either the list remains unchanged, or else the IP address changes but is still listed 3 times.
One of the addresses is and another is whois lookups shows that belongs to Amazon EC2

Requests to the wiki host ( hosted at Digital Ocean) are reverse proxied by the TLD which is hosted at Amazon[1]. Is it possible that somehow these are 'forwarded-for' IP addresses or something like that?



; <<>> DiG 9.16.1-Ubuntu <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1971
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 65494
;              IN      A

;; ANSWER SECTION:       10      IN      A       10      IN      A

;; Query time: 0 msec
;; WHEN: Wed Oct 07 12:53:45 EDT 2020
;; MSG SIZE  rcvd: 77

Event Timeline

freephile renamed this task from Whos Watching showing extraneous user output to Who Is Watching showing extraneous user output.Oct 7 2020, 4:58 PM