From @Addshore
I just noticed once thing before fully signing off on cloud and figured I should write it down so that it can be looked at.
I just registered an account on a new site and in the email confirmation that I got it said Someone, probably you, from IP address 10.108.1.4,
This looks like an internal IP address to me, so something is miss configured.
I believe this is what you'll need to look at
https://github.com/wbstack/mediawiki/blob/main/dist-persist/wbstack/src/Settings/ProductionCache.php#L3-L7
It probably needs to be configurable
This probably also needs checking on .dev as the range could be different.
Fixing this for example will make it harder for spam bots to spam etc, as the IP address will actually be known by the tooling fighting spam!
AC
- Registration email does not expose internal IP but the registering user IP