If you are running Ghost behind Nginx - then having $remote_addr in your log_format should show you the IP. Configuring Logging | NGINX Plus - note that this is the default. On my host the Nginx log /var/log/nginx/access.log shows the IP.
Once you have the IP you could deny access in Nginx - or drop their traffic using nftables or whatever firewall you have running on your server.
If they are coming in from an ISP their IP will likely change - be careful when blocking using netblocks.