At https://www.familysearch.org/wiki/en/Special:Version we're running
Product Version MediaWiki 1.34.4 (e34e7f2) 12:19, 24 September 2020 PHP 7.2.33-1+0~20200807.47+debian9~1.gbpcb3068 (apache2handler) MariaDB 10.1.45-MariaDB-0+deb9u1 ICU 65.1 Elasticsearch 6.8.12
with Who's Watching 0.13.0 (ddbb2c8) 01:23, 2 October 2019
We have these settings in LocalSettings.php
$wgPageShowWatchingUsers = true; $whoiswatching_nametype = 'UserName';
For authentication, we're using PluggableAuth with OpenIDConnect to authenticate against an external Identity Provider. The wiki is world-readable, but all user accounts for editing are provisioned by the IDP. Thus there can be no user with a UserName of N.N.N.N in the form of an IP address.
For some reason, when viewing the "Who's Watching" output for any given page, we're seeing a common set of (repeated) IP addresses like the following:
If you try to 'remove' those watchers, either the list remains unchanged, or else the IP address changes but is still listed 3 times.
One of the addresses is 184.108.40.206 and another is 220.127.116.11 whois lookups shows that belongs to Amazon EC2
Requests to the wiki host (fswiki.familysearch.org hosted at Digital Ocean) are reverse proxied by the TLD which is hosted at Amazon. Is it possible that somehow these are 'forwarded-for' IP addresses or something like that?
dig familysearch.org ; <<>> DiG 9.16.1-Ubuntu <<>> familysearch.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1971 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;familysearch.org. IN A ;; ANSWER SECTION: familysearch.org. 10 IN A 18.104.22.168 familysearch.org. 10 IN A 22.214.171.124 ;; Query time: 0 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Wed Oct 07 12:53:45 EDT 2020 ;; MSG SIZE rcvd: 77