..... and you cannot create one by the "dev/build" way.
Yes you most certainly can recreate admin members via dev/build if no members exist. You can even specify the username and password via dev/build?username=mynewuser&password=password.
I have no idea what else you can try apart from looking through the logs for the IP address. Seeing who is doing it / block that IP. And is it only the blog module - they haven't added any pages else where?. What happens if you disable the blog module (or comment out the code which allows users to write blogs on the front end)