Does order of UFW rules matter?

Solution 1:

Does the order of the rules actually matter?

Yes it does. Denies should be first in this case since they are more specific (more specific rules should go first). Example

Is there a more effective way to handle spammy requests than manually

fail2ban can scan logs, and add IPs to many types of filtering systems that match defined patterns.

Solution 2:

You can instruct ufw to insert rules at a given position:

ufw insert 1 deny from <ip> to any

This inserts the deny rule in first position instead of last.