Based on the fact I forwarded ssh traffic to that pi from the internet. Add that to the default password and you get the most obvious problem. Also I am not blaming pihole, but the pi running pihole. But that was not the question, just an explanation why I am firewalling everything.